Past event

Speaking session

Kubernetes to Cloud Attack Vectors

Detroit
, ,

Cloud service providers are constantly enhancing and releasing new capabilities to provide the best managed Kubernetes experience, intertwining cloud-specific capabilities within, to ease integrations and reduce friction. This talk is about the fine line between your managed Kubernetes cluster and its underlying Cloud environment, and how intertwining cloud-specific capabilities within the managed Kubernetes services introduces potential attack vectors and lateral movement paths – from Kubernetes outwards, or from the cloud inwards.

This talk is demo-driven, we'll demonstrates several scenarios where an attacker can gain a foothold in a Kubernetes cluster and move laterally in order to compromise other cloud resources outside the cluster, or alternatively, gaining access to a cloud resource with the intent of compromising resources within a cluster. This talk also covers some of the best practices for configurations and standards to adopt in EKS, AKS and GKE to secure them from cluster-to-cloud or cloud-to-cluster attacks.

Watch the full video from the event:

Speakers

  • Alon Schindel

    LinkedIn

    Director of Data & Threat Research at Wiz

  • Danny Hershko Shemesh

    LinkedIn

    Software Engineer at Wiz