Fueling innovative software

July 15-18, 2019
Portland, OR

Add to Your Schedule

DIY pentesting for your Kubernetes cluster

Jeff Thorne (Aqua Security)

4:15pm–4:55pm Thursday, July 18, 2019

Cloud-Native Strategies and Implementation
Location: Portland 251

Secondary topics: Cloud Native

Average rating:

(5.00, 2 ratings)

Who is this presentation for?

People operating or installing Kubernetes clusters

Level

Intermediate

Description

Kube-hunter is an open source tool written in Python for pentesting a Kubernetes cluster. This kind of testing simulates what a hacker might do when trying to attack a deployment. The code chains together a number of hunter components, each of which explores a new step in a possible attack using an observer pattern.

Jeff Thorne discusses the motivations behind the project and explores some interesting aspects of how the project is implemented. You’ll learn how to test for the basics like an unsecured Kubelet API, simulate an attack from within a compromised container, and reuse the credentials from within a compromised container. You’ll leave ready to test your own Kubernetes cluster with kube-hunter and with new insights into the possible routes that an attacker might take to gain a foothold into your deployment. And perhaps you’ll even be inspired to submit a new hunter to the project.

Prerequisite knowledge

Familiarity with Kubernetes terminology like pod and node
Experience with the command line tool kubectl
A basic understanding of the main components in Kubernetes (like the API server and Kubelet)

What you'll learn

Learn how to use kube-hunter to test your own cluster for configuration issues that affect its security

Jeff Thorne

Aqua Security

Jeff Thorne is a member of the DevRel team at Aqua Security. Previously, he was the director of technology and field engineering at Trend Micro and held various roles in the app dev and infosec community at VMware, Ooyala, and Third Brigade. He has extensive experience in hybrid cloud architectures, advanced breach detection, product management, and software engineering. Jeff is a proud Canuck and now calls Seattle home.

Website

Premier Diamond Sponsor

Diamond Sponsors

Platinum Sponsor

Gold Sponsors

Silver Sponsors

Supporting Sponsors

Premier Exhibitors

Exhibitors

Innovators

Non-Profit Exhibitors

Diversity and Inclusion Sponsors

Sponsorship Opportunities

For exhibition and sponsorship opportunities, email oscon@oreilly.com

Partner Opportunities

For information on trade opportunities with O'Reilly conferences, email partners@oreilly.com

Contact Us

View a complete list of OSCON contacts

©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • confreg@oreilly.com