The Path Less Traveled - Abusing Kubernetes Defaults

Explore the vulnerabilities and attack paths in default Kubernetes configurations through this Black Hat conference talk. Delve into the Kubernetes control plane and witness live demonstrations using sigs.k8s.io/kind to expose security risks. Learn about cluster takeovers, host escapes, and potential mitigations. Gain insights into Kubernetes components, API misconfigurations, and admission control policies. Discover how to identify and address security gaps in your Kubernetes deployments, and understand the limitations of current security measures. Equip yourself with knowledge to better secure your container orchestration environments and stay ahead of potential threats.

Introduction
Thank you
Introductions
Check your assumptions
Kubernetes defaults
What is Kubernetes
What does Kubernetes mean
How does Kubernetes work
Kubernetes components
Kubernetes API
Kubernetes Misconfigurations
CubeKettle
Apply
API Server
Pod Scheduling
Demonstration
Pod manifest
Deploy Pod
System Access
Enumeration Tool
Summary
Host Path
Docker
Docker manifest
Takeaway
Container Parts
Lets play with it
Takeaways
Is there any way to mitigate
Admission Control
Hide Security Policies
Restrict Security Policies
Quit 5 Security Policies
Conclusions
Does Admission Control Fix Everything