Patrycja Wegrzynowicz, profile picture
Uploaded byPatrycja Wegrzynowicz
PDF, PPTX261 views

The Hacker's Guide to Kubernetes

This document is a presentation by Patrycja Wegrzynowicz on Kubernetes security, including an overview of its architecture and the OWASP Kubernetes Top 10 vulnerabilities. It offers demonstrations of hacking scenarios to illustrate the risks associated with misconfigurations, inadequate logging, and insecure workloads. The session emphasizes the importance of continuous learning in maintaining security within Kubernetes environments.

Embed presentation

Download as PDF, PPTX
The Hacker’s Guide to Kubernetes Patrycja Wegrzynowicz Form3
● 20+ professional experience – software engineer, architect, researcher, head of R&D ● Author and speaker – JavaOne, CodeOne, Devoxx, JFokus, JavaZone, and more ● Top 10 Women in Tech in Poland ● Oracle Groundbreaker Ambassador ● Form3, Financial Cloud – Lead Engineer ● Founder at Yon Labs – Automated tools for detection and refactoring of software defects. – Performance, security, concurrency. You can insert a picture here! Hi!
Form3, Financial Cloud ● Business Model – Provides a payment platform for financial institutions – Integrates across multiple payment schemes – Makes integration easier and quicker ● Work Model – Fully remote – Pair programming ● Technology – Cloud based – Microservices – Infrastructure as Code
Agenda ● Introduction to Kubernetes Architecture ● Introduction to OWASP Kubernetes Top 10 ● Demos ● Summary
Introduction to Kubernetes Architecture
Kubernetes Components Source: https://medium.com, Kubernetes - Architecture Overview by Ashish Patel
Introduction to OWASP Kubernetes Top 10
OWASP Kubernetes Top 10 K01 Insecure Workload Configuration K02 Supply Chain Vulnerabilities K03 Overly Permissive RBAC Configurations K04 Lack of Centralized Policy Enforcement K05 Inadequate Logging and Monitoring K06 Broken Authentication Mechanisms K07 Missing Network Segmentation Controls K08 Secrets Management Failures K09 Misconfigured Cluster Components K10 Outdated and Vulnerable Kubernetes Components
Demos
Let the fun begin! Demos! ● Demo application – https://cdc.yonlabs.com – Register an account – Each account has its secret – Log in – Wait to be hacked! ● Objective – to hack your accounts and learn your secrets
Demo #1
Demo #1 - Open Kubelet API
Demo #1 - Vulnerabilites ● Open kubelet API – K09 Misconfigured Cluster Components ● Containers: writable filesystem – K01 Insecure Workload Configuration ● Containers: run as root – K01 Insecure Workload Configuration ● Containers: quite a few tools available – reverse shell possible ● Networking: unencrypted traffic ● Networking: open egress to Internet
Swiss Cheese Model
Demo #2
Demo #2 – RCE & Network ● Remote Code Execution ● Missing Network Segmentation – Pods able to connect to unrelated pods in a different namespace
Demo #2 - Vulnerabilites ● RCE in one (!) Kubernetes deployment – K10 Outdated and Vulnerable Components ● Missing network segmentation – K07 Missing Network Segmentation Controls ● Containers: quite a few tools available – reverse shell possible ● Anonymous access to Redis
OWASP Kubernetes Top 10
K01 Insecure Workload Configuration ● Application process should not run as root ● Read-only filesystems should be used ● Privileged containers should be disallowed
K02 Supply Chain Vulnerabilities ● Image integrity ● Image composition ● Known software vulnerabilities
K03 Overly Permissive RBAC ● Role-Based Access Control as a primary authorization mechanism ● Unnecessary use of cluster-admin ● Too wide permissions ● Automatically mounted tokens
K04 Lack of Centralized Policy Enforcement ● Distributing and enforcing security policies across multiple clusters, clouds, and risk tolerances quickly becomes unmanageable for security teams. ● Detecting is not enough ● Should be blocked ● e.g. untrusted registries
K05 Inadequate Logging and Monitoring ● Relevant events such as failed authentication attempts, access to sensitive resources, manual deletion or modification of Kubernetes resources are not logged. ● Logs and traces of running workloads are not monitored for suspicious activity. ● Alerting thresholds are not in place or escalated appropriately. ● Logs are not centrally stored and protected against tampering. ● Logging infrastructure is disabled completely.
K06 Broken Authentication Mechanisms ● Human authentication – OpenID Connect, Certificates, Cloud IAM, ServiceAccount tokens ● Service Account Authentication – Should be configured with RBAC
K07 Missing Network Segmentation ● Kubernetes flat network model ● Multi-cluster – cluster segmentation ● Network policies
K08 Secrets Management Failures ● Kubernetes secret - a small standalone object containing sensitive data like passwords, tokens ● Leaking kubernetes secrets ● Encryption at rest ● Addressing security misconfiguration
K09 Misconfigured Cluster Components ● Kubelet – anonymous-auth, authorization mode ● Etcd ● Kube-apiserver
K10 Vulnerable Kubernetes Components ● ArgoCD CVEs – CVE-2022-24348 – allows to load malicious helm charts ● Kubernetes CVEs – CVE-2021-25742 – Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces ● Istio – CVE-2020-8595 – authentication bypass ● Many others!
Summary
Kubernetes Security
Swiss Cheese Model
A fool with a tool is only a fool
Continuous Learning
Q&A @yonlabs
Thank You!

More Related Content

PPTX
Top 20 best automation testing tools
byQACraft
 
PPTX
Container orchestration overview
byWyn B. Van Devanter
 
PPTX
CI/CD Overview
byAn Nguyen
 
PPTX
Amazon EKS Deep Dive
byAndrzej Komarnicki
 
PDF
Top 50 Software Testing Interview Questions & Answers | Edureka
byEdureka!
 
PPTX
Understanding Unit Testing
byikhwanhayat
 
PDF
How To Write A Test Case In Software Testing | Edureka
byEdureka!
 
PPTX
Unit tests & TDD
byDror Helper
 
Top 20 best automation testing tools
byQACraft
 
Container orchestration overview
byWyn B. Van Devanter
 
CI/CD Overview
byAn Nguyen
 
Amazon EKS Deep Dive
byAndrzej Komarnicki
 
Top 50 Software Testing Interview Questions & Answers | Edureka
byEdureka!
 
Understanding Unit Testing
byikhwanhayat
 
How To Write A Test Case In Software Testing | Edureka
byEdureka!
 
Unit tests & TDD
byDror Helper
 

What's hot

PPTX
CKA_1st.pptx
byYIJHEHUANG
 
PPTX
Kubernetes 101
byStanislav Pogrebnyak
 
PDF
Kubernetes Security Best Practices - With tips for the CKS exam
byAhmed AbouZaid
 
PDF
Flexible, hybrid API-led software architectures with Kong
bySven Bernhardt
 
PPTX
SonarQube - The leading platform for Continuous Code Quality
byLarry Nung
 
PDF
Introduction to K6
byKnoldus Inc.
 
PDF
Configuration As Code - Adoption of the Job DSL Plugin at Netflix
byJustin Ryan
 
PPTX
Devops architecture
byOjasvi Jagtap
 
PPTX
Introduction to APIs & how to automate APIs testing with selenium web driver?
byBugRaptors
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
PPTX
Sonar qube
bypenetration Tester
 
PDF
Static Code Analysis
byAnnyce Davis
 
PPTX
Kotlin Code style guidelines
bySanjay Hans
 
PDF
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
PPTX
Nunit
byDinuka Malalanayake
 
PPTX
API Test Automation Using Karate (Anil Kumar Moka)
byPeter Thomas
 
PDF
Automation Testing using Selenium
byNaresh Chintalcheru
 
PPTX
Robot framework
byKushan Shalindra Amarasiri - Technical QE Specialist
 
PDF
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
byMario Heiderich
 
PDF
Sonarqube
byPeerapat Asoktummarungsri
 
CKA_1st.pptx
byYIJHEHUANG
 
Kubernetes 101
byStanislav Pogrebnyak
 
Kubernetes Security Best Practices - With tips for the CKS exam
byAhmed AbouZaid
 
Flexible, hybrid API-led software architectures with Kong
bySven Bernhardt
 
SonarQube - The leading platform for Continuous Code Quality
byLarry Nung
 
Introduction to K6
byKnoldus Inc.
 
Configuration As Code - Adoption of the Job DSL Plugin at Netflix
byJustin Ryan
 
Devops architecture
byOjasvi Jagtap
 
Introduction to APIs & how to automate APIs testing with selenium web driver?
byBugRaptors
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
Sonar qube
bypenetration Tester
 
Static Code Analysis
byAnnyce Davis
 
Kotlin Code style guidelines
bySanjay Hans
 
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
Nunit
byDinuka Malalanayake
 
API Test Automation Using Karate (Anil Kumar Moka)
byPeter Thomas
 
Automation Testing using Selenium
byNaresh Chintalcheru
 
Robot framework
byKushan Shalindra Amarasiri - Technical QE Specialist
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
byMario Heiderich
 
Sonarqube
byPeerapat Asoktummarungsri
 

Similar to The Hacker's Guide to Kubernetes

PPTX
Kubernetes Security
byKarthik Gaekwad
 
PDF
Kubernetes 101 for_penetration_testers_-_null_mumbai
byn|u - The Open Security Community
 
PPTX
Kubernetes Security Act Now Before It’s Too Late
byMichael Furman
 
PDF
Securing k8s With Kubernetes Goat
byMuhammad Yuga Nugraha
 
PDF
The Hacker's Guide to Kubernetes: Reloaded
byPatrycja Wegrzynowicz
 
PDF
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
byJames Anderson
 
PDF
Securing Kubernetes Workloads
byJim Bugwadia
 
PDF
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
byNoNameCon
 
PDF
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
bysmalltown
 
PDF
Security threats with Kubernetes - Igor Khoroshchenko
byKuberton
 
PDF
Best Practices To Secure Kubernetes Cluster
byUrolime Technologies
 
PDF
Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martin
bynoniqclarah
 
PDF
Attacking and Defending Kubernetes - Nithin Jois
byOWASP Hacker Thursday
 
PPTX
The State of Kubernetes Security
byJimmy Mesta
 
PPTX
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 
PPTX
10 tips for Cloud Native Security
byKarthik Gaekwad
 
PPTX
DevSecOps in a cloudnative world
byKarthik Gaekwad
 
PPTX
K8s security best practices
bySharon Vendrov
 
PPTX
K8s security best practices
bySharon Vendrov
 
PPTX
KubeSecOps
byKarthik Gaekwad
 
Kubernetes Security
byKarthik Gaekwad
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
byn|u - The Open Security Community
 
Kubernetes Security Act Now Before It’s Too Late
byMichael Furman
 
Securing k8s With Kubernetes Goat
byMuhammad Yuga Nugraha
 
The Hacker's Guide to Kubernetes: Reloaded
byPatrycja Wegrzynowicz
 
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
byJames Anderson
 
Securing Kubernetes Workloads
byJim Bugwadia
 
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
byNoNameCon
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
bysmalltown
 
Security threats with Kubernetes - Igor Khoroshchenko
byKuberton
 
Best Practices To Secure Kubernetes Cluster
byUrolime Technologies
 
Hacking Kubernetes Threat Driven Analysis and Defense 1st Edition Andrew Martin
bynoniqclarah
 
Attacking and Defending Kubernetes - Nithin Jois
byOWASP Hacker Thursday
 
The State of Kubernetes Security
byJimmy Mesta
 
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 
10 tips for Cloud Native Security
byKarthik Gaekwad
 
DevSecOps in a cloudnative world
byKarthik Gaekwad
 
K8s security best practices
bySharon Vendrov
 
K8s security best practices
bySharon Vendrov
 
KubeSecOps
byKarthik Gaekwad
 

More from Patrycja Wegrzynowicz

PDF
The Hacker's Guide to NoSQL Injection
byPatrycja Wegrzynowicz
 
PDF
The Hacker's Guide to JWT Security
byPatrycja Wegrzynowicz
 
PDF
Second Level Cache in JPA Explained
byPatrycja Wegrzynowicz
 
PDF
Lazy vs. Eager Loading Strategies in JPA 2.1
byPatrycja Wegrzynowicz
 
PDF
Secure Authentication and Session Management in Java EE
byPatrycja Wegrzynowicz
 
PDF
The Hacker's Guide to XSS
byPatrycja Wegrzynowicz
 
PDF
The Hacker's Guide to Session Hijacking
byPatrycja Wegrzynowicz
 
PDF
The Hacker's Guide to JWT Security
byPatrycja Wegrzynowicz
 
PPTX
Thinking Beyond ORM in JPA
byPatrycja Wegrzynowicz
 
PDF
The Hacker's Guide To Session Hijacking
byPatrycja Wegrzynowicz
 
PPTX
Thinking Beyond ORM in JPA
byPatrycja Wegrzynowicz
 
The Hacker's Guide to NoSQL Injection
byPatrycja Wegrzynowicz
 
The Hacker's Guide to JWT Security
byPatrycja Wegrzynowicz
 
Second Level Cache in JPA Explained
byPatrycja Wegrzynowicz
 
Lazy vs. Eager Loading Strategies in JPA 2.1
byPatrycja Wegrzynowicz
 
Secure Authentication and Session Management in Java EE
byPatrycja Wegrzynowicz
 
The Hacker's Guide to XSS
byPatrycja Wegrzynowicz
 
The Hacker's Guide to Session Hijacking
byPatrycja Wegrzynowicz
 
The Hacker's Guide to JWT Security
byPatrycja Wegrzynowicz
 
Thinking Beyond ORM in JPA
byPatrycja Wegrzynowicz
 
The Hacker's Guide To Session Hijacking
byPatrycja Wegrzynowicz
 
Thinking Beyond ORM in JPA
byPatrycja Wegrzynowicz
 

Recently uploaded

PPTX
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
PDF
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
PPTX
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
PDF
Kiến trúc hướng dịch vụ UET!!!!!!!!!!!!!!!!!!!!!!!
bydoquangminh962004
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
Coding Assessment Tools .pdf
byCodexpro
 
PPTX
SNG460-CNG489_Week6_3-7Nov25_Chp6-Part1.pptx
byberayseray382
 
PDF
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
PDF
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PPTX
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PDF
DSD-INT 2025 Introduction to Hydrology Suite - Slootjes
byDeltares
 
PDF
DSD-INT 2025 Integrating Nature-Based Solutions into Hydrological Models A Li...
byDeltares
 
PDF
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
PDF
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
Fast-tracking quality for hundreds applications with automated testing layers
byBogdan Plieshka
 
Constraints First - Why Our On-Prem Ticketing System Starts With Limits, Not ...
bySpirit Face
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
Computer_Virus_Presentation_With_Slide7.pptx
byHEVISLIVE
 
Kiến trúc hướng dịch vụ UET!!!!!!!!!!!!!!!!!!!!!!!
bydoquangminh962004
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
Coding Assessment Tools .pdf
byCodexpro
 
SNG460-CNG489_Week6_3-7Nov25_Chp6-Part1.pptx
byberayseray382
 
Manual vs Automated Accessibility Testing – What to Choose in 2025.pdf
bykalichargn70th171
 
Using Agentic RAG for Research - Demonstration of NotebookLM
byRathish Chandra Gatti,Ph.D
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
DSD-INT 2025 Introduction to Hydrology Suite - Slootjes
byDeltares
 
DSD-INT 2025 Integrating Nature-Based Solutions into Hydrological Models A Li...
byDeltares
 
DSD-INT 2025 Managing low flows in the International Meuse Basin with Nature-...
byDeltares
 
DSD-INT 2025 Hydrological response of the Puget Sound area to a changing clim...
byDeltares
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
In this document
Powered by AI

Introduction of Patrycja Wegrzynowicz, her experience, and Form3's cloud payment platform.

Introduction to Kubernetes architecture and agenda including OWASP Kubernetes Top 10.

Detailed overview of OWASP Kubernetes Top 10 vulnerabilities highlighting security issues.

Introduction to live demo sessions showcasing practical hacking scenarios with objectives.

Focus on Demo #1 vulnerabilities including insecure configurations and open kubelet API.

Detailed analysis of vulnerabilities in Demo #2 including Remote Code Execution and network issues.

Thorough exploration of each OWASP Kubernetes Top 10 vulnerability with mitigation strategies.

Summary of security implications, Swiss Cheese Model, and the importance of continuous learning.

Session wrap-up with a Q&A segment and a thank you from the presenter.

The Hacker's Guide to Kubernetes

  • 1.
    The Hacker’s Guideto Kubernetes Patrycja Wegrzynowicz Form3
  • 2.
    ● 20+ professionalexperience – software engineer, architect, researcher, head of R&D ● Author and speaker – JavaOne, CodeOne, Devoxx, JFokus, JavaZone, and more ● Top 10 Women in Tech in Poland ● Oracle Groundbreaker Ambassador ● Form3, Financial Cloud – Lead Engineer ● Founder at Yon Labs – Automated tools for detection and refactoring of software defects. – Performance, security, concurrency. You can insert a picture here! Hi!
  • 3.
    Form3, Financial Cloud ●Business Model – Provides a payment platform for financial institutions – Integrates across multiple payment schemes – Makes integration easier and quicker ● Work Model – Fully remote – Pair programming ● Technology – Cloud based – Microservices – Infrastructure as Code
  • 4.
    Agenda ● Introduction toKubernetes Architecture ● Introduction to OWASP Kubernetes Top 10 ● Demos ● Summary
  • 5.
  • 6.
    Kubernetes Components Source: https://medium.com,Kubernetes - Architecture Overview by Ashish Patel
  • 7.
  • 8.
    OWASP Kubernetes Top10 K01 Insecure Workload Configuration K02 Supply Chain Vulnerabilities K03 Overly Permissive RBAC Configurations K04 Lack of Centralized Policy Enforcement K05 Inadequate Logging and Monitoring K06 Broken Authentication Mechanisms K07 Missing Network Segmentation Controls K08 Secrets Management Failures K09 Misconfigured Cluster Components K10 Outdated and Vulnerable Kubernetes Components
  • 9.
  • 10.
    Let the funbegin! Demos! ● Demo application – https://cdc.yonlabs.com – Register an account – Each account has its secret – Log in – Wait to be hacked! ● Objective – to hack your accounts and learn your secrets
  • 11.
  • 12.
    Demo #1 -Open Kubelet API
  • 13.
    Demo #1 -Vulnerabilites ● Open kubelet API – K09 Misconfigured Cluster Components ● Containers: writable filesystem – K01 Insecure Workload Configuration ● Containers: run as root – K01 Insecure Workload Configuration ● Containers: quite a few tools available – reverse shell possible ● Networking: unencrypted traffic ● Networking: open egress to Internet
  • 14.
  • 15.
  • 16.
    Demo #2 –RCE & Network ● Remote Code Execution ● Missing Network Segmentation – Pods able to connect to unrelated pods in a different namespace
  • 17.
    Demo #2 -Vulnerabilites ● RCE in one (!) Kubernetes deployment – K10 Outdated and Vulnerable Components ● Missing network segmentation – K07 Missing Network Segmentation Controls ● Containers: quite a few tools available – reverse shell possible ● Anonymous access to Redis
  • 18.
  • 19.
    K01 Insecure WorkloadConfiguration ● Application process should not run as root ● Read-only filesystems should be used ● Privileged containers should be disallowed
  • 20.
    K02 Supply ChainVulnerabilities ● Image integrity ● Image composition ● Known software vulnerabilities
  • 21.
    K03 Overly PermissiveRBAC ● Role-Based Access Control as a primary authorization mechanism ● Unnecessary use of cluster-admin ● Too wide permissions ● Automatically mounted tokens
  • 22.
    K04 Lack ofCentralized Policy Enforcement ● Distributing and enforcing security policies across multiple clusters, clouds, and risk tolerances quickly becomes unmanageable for security teams. ● Detecting is not enough ● Should be blocked ● e.g. untrusted registries
  • 23.
    K05 Inadequate Loggingand Monitoring ● Relevant events such as failed authentication attempts, access to sensitive resources, manual deletion or modification of Kubernetes resources are not logged. ● Logs and traces of running workloads are not monitored for suspicious activity. ● Alerting thresholds are not in place or escalated appropriately. ● Logs are not centrally stored and protected against tampering. ● Logging infrastructure is disabled completely.
  • 24.
    K06 Broken AuthenticationMechanisms ● Human authentication – OpenID Connect, Certificates, Cloud IAM, ServiceAccount tokens ● Service Account Authentication – Should be configured with RBAC
  • 25.
    K07 Missing NetworkSegmentation ● Kubernetes flat network model ● Multi-cluster – cluster segmentation ● Network policies
  • 26.
    K08 Secrets ManagementFailures ● Kubernetes secret - a small standalone object containing sensitive data like passwords, tokens ● Leaking kubernetes secrets ● Encryption at rest ● Addressing security misconfiguration
  • 27.
    K09 Misconfigured ClusterComponents ● Kubelet – anonymous-auth, authorization mode ● Etcd ● Kube-apiserver
  • 28.
    K10 Vulnerable KubernetesComponents ● ArgoCD CVEs – CVE-2022-24348 – allows to load malicious helm charts ● Kubernetes CVEs – CVE-2021-25742 – Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces ● Istio – CVE-2020-8595 – authentication bypass ● Many others!
  • 29.
  • 30.
  • 31.
  • 32.
    A fool witha tool is only a fool
  • 33.
  • 34.
  • 35.