The document summarizes a presentation on how to hijack a Kubernetes cluster in order to demonstrate common attack vectors and prevention best practices. The presentation includes demos of hijacking a cluster and discusses how secure application code, container images, network policies, and container runtime security can prevent hijacking. It encourages attendees to implement such security measures to harden their own Kubernetes clusters.

1. SPONSORS
Hijack a Kubernetes Cluster –
a Walkthrough
Speaker: Nico Meisenzahl
Company: white duck

2. Hijack a Kubernetes Cluster – a Walkthrough
Kubernetes Community Days Munich 2022

3. Nico Meisenzahl
• Head of DevOps Consulting & Operations
at white duck
• Microsoft MVP, GitLab Hero
• Cloud Native, Kubernetes & Azure
© white duck GmbH 2022
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org

4. About this talk
• this is not an in-depth security talk
• it should make you aware of common attack vectors and
how to prevent them
• you will see demos on how to hijack a cluster
• you will learn how to prevent those with common best practices
• three more slide, then we will start hijacking
• https://github.com/nmeisenzahl/hijack-kubernetes
© white duck GmbH 2022

5. What we will do
© white duck GmbH 2022

6. Log4Shell
https://www.splunk.com/en_us/surge/log4shell-log4j-response-overview.html

7. Why do we need to care about security?
https://www.redhat.com/en/resources/state-kubernetes-security-report

8. Security quick wins through the DevOps cycle
© white duck GmbH 2022

9. Think about
• ensure secure application / deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes Network policies
• rely on Container Runtime Security
• many more…
© white duck GmbH 2022
Would have shown
the possibility of code
injection

10. Think about
• ensure secure application / deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes Network policies
• rely on Container Runtime Security
• many more…
© white duck GmbH 2022
Would have made it
much harder to
hijack the container
and further expend

11. Think about
• ensure secure application / deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes Network policies
• rely on Container Runtime Security
• many more…
© white duck GmbH 2022
Would have made it
much harder to
further hijack the
nodes

12. Think about
• ensure secure application / deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes Network policies
• rely on Container Runtime Security
• many more…
© white duck GmbH 2022
Would have denied
network connections
(reverse shell, Redis,
Internet, metadata
service)

13. Think about
• ensure secure application / deployment code
• build secure container images
• implement Kubernetes policies
• introduce Kubernetes Network policies
• rely on Container Runtime Security
• many more…
© white duck GmbH 2022
Would have detect all
our “work” within the
containers

14. Want to learn more?
• How to Prevent Your Kubernetes Cluster From Being
Hacked (3:25 PM, Side Stage)
© white duck GmbH 2022

15. Questions?
• Slides: https://www.slideshare.net/nmeisenzahl
• Demo: https://github.com/nmeisenzahl/hijack-kubernetes
© white duck GmbH 2022
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org