Security in Cloud Kubernetes Services: Attacking and Defending Cloud
2023-09-08, 17:30–18:15 (Europe/Berlin), Tesla

Cloud adoption is becoming more and more common. It is getting difficult to find a single company that has no service in a cloud environment or is not adopting cloud technologies. Attackers are aware of this too, and cloud environments are quite complex, which makes them hard to secure: complexity is a clear enemy of security.

Our main goal with this presentation is to show some of the most common attack scenarios weaponised by cybercriminals against Cloud Kubernetes Services. We will also offer some possible controls to mitigate those risks.

After motivating the presentation, this talk will explore the shared responsibility model and its variants. This will help introduce attendees to the main cloud security challenges, which are sometimes overlooked when migrating to the cloud.

Next, this talk presents the different deployment models and how they have evolved over time. What a Cloud Service Provider infrastructure looks like is introduced at this stage, along with the specific role of Kubernetes within the Cloud Service Provider.

Moving towards the core of the presentation, this talk covers the most common attack vectors for Kubernetes, cloud and containers, digging into the corresponding MITRE ATT&CK matrices. We will map these matrices to the attack scenarios presented right after this section.

Once the attack vectors have been presented, a detailed view of a step-by-step Kubernetes exploitation is offered before moving on to the actual demonstrations. Continuing with Kubernetes attack scenarios, this presentation will offer at least two:

  • External attacker gaining control of the whole Kubernetes cluster by:
      • Finding and exploiting a vulnerable application/service
      • Gaining access to the container
      • Escalating privileges within the container
      • Escaping to the host
      • Attacking the host and performing privilege escalation
  • Insider threat and how Kubernetes environments are prone to be over-permissive

Moving forward, this presentation will offer some controls and mitigations to avoid these kinds of attacks. We will focus on admission control and introduce tools like Kubewarden, Kyverno or OPA Gatekeeper to enforce admission policies. We will also explore other options available in the market to secure other aspects of Kubernetes deployments.

Finally, this talk summarises the lessons learned from the attack scenarios shown and offers the most relevant conclusions on the security of Cloud Kubernetes Services.

Best to visit my LinkedIn profile but below is a summary:

I am passionate about security. I have liked security for as long as I can remember, and my security journey has driven me to all sorts of security-related jobs like cloud security architect, security engineer, security researcher, security consultant, security analyst or web application penetration tester, to name some of them. I like to consider myself a security off-roader who just loves security regardless of the angle it is looked at from.

OSCP, CEH, SPSE, CISA, CISM, IRCA LA 27001, ISTQBf, ITIL-f and FCE (English level B2) demonstrate my continuous commitment to being on the security edge. I want to be better at security day by day.

Apart from conferences delivered at training centers, universities and high schools, some of the most remarkable conferences and events I have given talks at have been: BATOI CyberSecurity Day '23, ConTEST NY 18, Test Automation Day 18, Eurostar '16, OWASP '15, Cybercamp '15, Expo QA '14, VLC-Testing '14 and '15, After Test, Test Academy, Expert Witnessing mentor, etc. Each talk or Master Class is a new challenge for me!

One driver: Never miss a chance to learn!

Currently I am working as a senior application security engineer at a fintech start-up called Kevin. In the past, I worked for many years as a security consultant leading penetration testing, red teaming and threat intelligence for M&S in London. I am OCSP, OSCE and CISSP certified. I enjoy doing research, and my passion/interest is in offensive security.