Kubernetes is a security challenge that many organizations need to take on, and we as pentesters, developers, security practitioners, and the technically curious need to adapt to these challenges. In this talk we will look at tactics, techniques, and tools to assess and exploit Kubernetes clusters. We will demonstrate how to intercept service mesh traffic, evade runtime syscall filters, exploit custom sidecars, and chain attacks that go from compromising a build environment to exploiting production applications. We’ll cover real-world attack paths and provide practical advice and guidance, drawing on the experience of conducting hundreds of reviews of containerized environments while running NCC Group’s container research group.
Mark Manning (@antitree) is a Technical Director with NCC Group and heads the container research practice there. He has been focused on containerization and orchestration technologies like Kubernetes and performs many of NCC Group’s containerization-related assessments and research. This includes running container breakouts and attack simulations on orchestration environments, performing architecture reviews of DevOps pipelines, and working with developers to assist with applications that leverage containerization technologies like namespace isolation, Linux kernel controls, syscall filtering, and integration with products like Docker and Kubernetes.