In-person
19-22 March

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Wednesday, March 20 • 12:10 - 12:45
I'll Let Myself In: Kubernetes Privilege Escalation Tactics - Andrew Martin & Iain Smart, ControlPlane


Penetration testing Kubernetes shouldn't be easy, but we can make it so! Rogue SRE insider threat? Platform developers with grudges? Hostile internet citizens? Discover how to escalate your privilege, attain persistence, wreak cluster-wide havoc, and hide any trace of your activity in this enthralling exploration of cloud native security!

Join us for a learner-friendly yet advanced dive into the myriad ways both trusted and unprivileged users can exploit Kubernetes. We'll guide you through best practices for detection and demonstrate the most cost-effective and efficient strategies for securing your clusters.

- Understand Kubernetes vulnerabilities that SREs, security teams, and pentesters should know — and techniques to mitigate them
- Explore edge-cases of component abuse, and cruel and unusual interactions between components
- Identify various adversary levels and tailor your defences accordingly
- Learn the most economical and rapid strategies for robust cluster security

Speakers
Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...

Iain Smart

Principal Consultant, ControlPlane
Iain Smart is a Principal Consultant at ControlPlane, where he reviews cloud-native deployments and performs offensive security engagements. He enjoys playing with new technologies, and if he's not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found...



Wednesday March 20, 2024 12:10 - 12:45 CET
Pavilion 7 | Level 7.3 | S05
  Security