ATT&CKing Kubernetes: A technical deep dive into the new ATT&CK for Containers
Information on this media
Number of views: 15 (this month: 1)
Creation date: July 7, 2021
Speakers: Magno Logan
License: CC BY-SA v4
Description
This presentation aims to talk about different attack scenarios leveraging Kubernetes clusters. We'll dig deeper into a real-world attack scenario using real-world applications to demonstrate different ways attackers and malicious users can exploit your cluster and the applications running on it. But first, we'll give an overview of Kubernetes and its architecture, covering the main components of the Control Plane and the Worker Nodes. Then, we'll use the K8s Threat Matrix and the MITRE ATT&CK for Containers published this year to discuss the Tactics, Techniques and Procedures and to demonstrate the Recon, Exploitation and Post-Exploitation phases. After that, we'll provide some best practices for securing your cluster based on the scenarios and the CIS Benchmarks for Kubernetes. We'll show how to use role-based access control (RBAC) for access control and how to enable audit logs for security and troubleshooting, and we'll set up some network policies to avoid communication between pods and prevent any lateral movement by attackers.
Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container and Application Security Research, Threat Modelling and Red Teaming. He has been tapped as a resource speaker for numerous security conferences around the globe. He is also a member of the CNCF SIG-Security team.