Kubernetes Privilege Escalation Tactics - Understanding and Mitigating Vulnerabilities

Explore advanced Kubernetes security vulnerabilities and privilege escalation tactics in this 29-minute conference talk by Andrew Martin and Iain Smart from ControlPlane. Dive into the world of cloud native security, learning how rogue insiders, disgruntled developers, and external threats can exploit Kubernetes clusters. Discover techniques for escalating privileges, maintaining persistence, causing cluster-wide damage, and concealing malicious activities. Gain insights into best practices for detection and cost-effective strategies to secure your clusters. Understand critical Kubernetes vulnerabilities that SREs, security teams, and penetration testers should be aware of, along with mitigation techniques. Examine edge cases of component abuse and unusual interactions between components. Learn to identify various adversary levels and tailor defenses accordingly. Walk away with knowledge of the most economical and rapid strategies for robust cluster security in this enthralling exploration of Kubernetes privilege escalation tactics.

I'll Let Myself In: Kubernetes Privilege Escalation Tactics - Andrew Martin & Iain Smart