San Jose, CA
Crafty requests: Deep dive into a Kubernetes CVE
Level
Prerequisite knowledge
- Background knowledge of Kubernetes (useful but not required)
What you'll learn
- Understand what you can do to to protect yourself from CVE-2018-1002105
Description
You may have heard about CVE-2018-1002105, one of the most severe Kubernetes security vulnerabilities of all time. But how does this flaw work? How can it be exploited, and what does it all mean?
Ian Coldwater walks you through the Kubernetes backend, going over relevant concepts like aggregated API servers, the kubelet API, and permissions for namespace-constrained users. Ian explains how this flaw works, how a cluster’s moving parts can fit together to create a vulnerable context, and the risks involved in leaving this CVE unpatched in the wild.
Through a live demonstration, you see exactly how easy it is to exploit this vulnerability. After explaining the attack pathways, you’ll leave with practical advice about mitigation and how to protect your clusters.
Ian Coldwater
Heroku
Ian Coldwater is a DevSecOps engineer turned red teamer who specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. In their spare time, they like to go on cross-country road trips, capture flags, and eat a lot of pie. Ian lives in Minneapolis and tweets as @IanColdwater.
Sponsorship Opportunities
For exhibition and sponsorship opportunities, email velocity@oreilly.com
Partner Opportunities
For information on trade opportunities with O'Reilly conferences, email partners@oreilly.com
Contact Us
View a complete list of Velocity contacts
Twitter
Facebook
LinkedIn
YouTube©2019, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • confreg@oreilly.com