Command and KubeCTL: Real-World Kubernetes Security for Pentesters

ShmooCon XVI - 2020

Presented by: Mark Manning
Date: Saturday February 01, 2020
Time: 11:00 - 11:50
Location: Belay It!

Kubernetes is a security challenge that many organizations need to take on, and we as pentesters, developers, security practitioners, and the technically curious need to adapt to these challenges. In this talk we will look at tactics, techniques, and tools to assess and exploit Kubernetes clusters. We will demonstrate how to intercept service mesh traffic, evade runtime syscall filters, exploit custom sidecars, and chain attacks that go from compromising a build environment, to exploiting production applications. We’ll cover real world attack paths, provide practical advice, and guidance using the experience of conducting hundreds of reviews of containerized environments while running NCC Group’s container research group.

Mark Manning

Mark Manning (@antitree) is a Technical Director with NCC Group and heads the container research practice there. He has been focused on containerization and orchestration technologies like Kubernetes and performs many of NCC Group’s containerization related assessments and research. This includes running container breakouts and attack simulations on orchestration environments, performing architecture reviews of devops pipelines, and working with developers to assist with applications that leverage containerization technologies like namespace isolation, Linux kernel controls, syscall filtering, and integration with products like Docker and Kubernetes.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats