In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Thursday, April 20 • 14:30 - 15:05
Hacking and Defending Kubernetes Clusters: We'll Do It LIVE!!! - Fabian Kammel & James Cleverley-Prance, ControlPlane

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Fabian and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them. Scenarios include:
  • Leveraging a compromised Container to attack the underlying node, pivot across the network, or abuse accessible secrets and tokens.
  • A Malicious Insider exploiting common RBAC misconfigurations.
  • Using a single node to hijack the entire cluster.
Each attack will be contextualised via mapping to the threat model resources available to the community today, such as the MITRE ATT&CK® Containers Matrix and CNCF Financial Services User Group attack trees. Fabian and James will explain how to use these resources, and the demonstrated attacks and controls to threat model, security test and defend your own Kubernetes Clusters.

avatar for James Cleverley-Prance

James Cleverley-Prance

Security Engineer, ControlPlane
James works as a Cloud Native Security Engineer at ControlPlane. He spends his days focusing on static and dynamic security assessments covering cloud native, infrastructure as code, policy as code, CI/CD, and security architecture. He has reviewed the security posture of numerous... Read More →
avatar for Fabian Kammel

Fabian Kammel

Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud native) world a safer place. After graduating from Ruhr-University Bochum with a Master's in IT-Security, he worked for 5 years in automotive security, transforming old & shaping new security... Read More →

Thursday April 20, 2023 14:30 - 15:05 CEST
Hall 7, Room A | Ground Floor | Europe Complex
  101 Track