Engineer for the future of Cloud
June 10-13, 2019
San Jose, CA

Lessons from hacking Kubernetes with kube-hunter

Liz Rice (Aqua Security)
2:20pm3:00pm Wednesday, June 12, 2019
Kubernetes
 Location: LL21 C/D
Average rating: ****.
(4.20, 5 ratings)

Level

Advanced

Prerequisite knowledge

  • Familiarity with Kubernetes components and concepts
  • A basic understanding of issuing network requests using curl

What you'll learn

  • Learn how not to configure your cluster if you want to keep it safe

Description

Kube-hunter is an open source application written in Python that explores how a Kubernetes cluster responds to various network requests and whether this highlights any security-related issues or misconfigurations. These tests replicate what an attacker might do in an attempt to gain a foothold in your cluster.

Liz Rice explores how some of these interesting attacks might work—if your cluster is misconfigured—by issuing network requests in a live demonstration. You’ll see how Kubernetes misconfigurations could be exploited to gain access to your hosts, your containers, and potentially even your customer data.

Photo of Liz Rice

Liz Rice

Aqua Security

Liz Rice is the technology evangelist at container security specialists Aqua Security and coauthor of the O’Reilly report Kubernetes Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as video on demand (VOD), music, and voice over internet protocol (VoIP). When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.