YoVDO

Advanced Persistence Threats - The Future of Kubernetes Attacks

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses Kubernetes Security Courses Cluster Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced persistence threats and sophisticated Kubernetes attacks in this 32-minute conference talk. Discover what could happen if a skilled attacker compromises your cluster, including techniques to avoid detection, achieve full cluster access, and maintain persistence. Learn about potential exploits using ephemeral containers and validating webhooks for malicious pod mutations and data exfiltration. Gain insights into deploying "shadow" control planes and other advanced attack methods. Understand how to detect and prevent these threats using practical, proven methods. Delve into topics such as early Kubernetes architecture, API server data flow, validating webhooks, and the differences between Kubernetes and K3s. Examine the vulnerabilities in cloud environments and explore the concept of "Cluster of Clusters" for command and control. Prepare for future attack vectors and access valuable resources to enhance your Kubernetes security posture.

Syllabus

ADVANCED PERSISTENCE THREATS
EARLY K8S ARCHITECTURE
GOALS What might an attacker want to do?
DEMO Tapping into the API Server Data Flow
VALIDATING WEBHOOKS . Virtual
DEMO Shadow API Server
KUBERNETES VS K3S
ALL CLOUDS ARE BROKEN
C2: CLUSTER OF CLUSTERS 23 Virtual
WHAT'S COMING
COMING FULL CIRCLE
RESOURCES


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Breaking the Teeth of Bluetooth Padlocks
YouTube
Closing Keynote Lectures or Life Experiences Awareness Training that Works
YouTube
Do You Want Educated Users Because This is How You Get Educated Users
YouTube
Don't Blame That Checklist for Your Crappy Security Program
YouTube
Managing Your MSSP
YouTube