19-22 March
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Thursday, March 21 • 16:30 - 17:05
Why Barricade the Door if the Window Is Open? Making Sense of Kubernetes Initial Access Vectors - Shay Berkovich, Wiz

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Upon creation of Kubernetes cluster, the immediate security concern should be securing initial access. To achieve that, one needs to be clear on many ways malicious actors can gain access to a cluster. But how do you wrap your head around API server and data plane access, management interfaces, anonymous access, image poisoning and more? Toss on top of that different methods of authentication for every managed service and you get yourself a headache. In this talk we make sense of K8s initial access methods. In each case we list prerequisites (misconfigurations, vulnerabilities, or likeliest way an attacker can obtain credentials), compromised role permissions (impact) and mitigations. On top of that, we map these vectors to the real-world attacks observed recently and demo the most interesting scenarios. More importantly, we talk about how the access events manifest in cloud and audit logs and kernel-level visibility, so that the attendees can leave with a coherent detection strategy.

avatar for Shay Berkovich

Shay Berkovich

Threat Researcher, Wiz
Shay is part of the Threat Research team in Wiz working on various aspects of container and cloud security with the emphasis on Kubernetes emerging threats. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security... Read More →

Thursday March 21, 2024 16:30 - 17:05 CET
Pavilion 7 | Level 7.1 | Room D
  • Content Experience Level Beginner
  • Presentation Slides Attached Yes