Security | Conference | 45min
Beyond the Pod: Privilege Escalation in Kubernetes
The talk explores privilege escalation risks in Kubernetes, discussing vulnerabilities such as misconfigured permissions, vulnerable pods, and exploitable components. It demonstrates how these can lead to unauthorized access via group impersonation, role binding, and token theft, concluding with best practices to bolster Kubernetes security.
Patrycja Wegrzynowicz, Form3
Friday, April 19, 14:35-15:20
Paris 242AB
This talk examines the risks of privilege escalation in Kubernetes, focusing on common vulnerabilities like misconfigured RBAC permissions, vulnerable pods and containers, and exploitable components such as kubelet, API server, and etcd. We discuss how these oversights can lead to unauthorized administrative access through tactics like group impersonation, role binding, and token or secret theft. The presentation includes practical demos to highlight key security issues and concludes with essential best practices to enhance Kubernetes security and prevent escalation threats.
Patrycja Wegrzynowicz
Patrycja is a lead engineer at Form3, working on the reliability and performance of UK payments. She is also the founder of Yon Labs, a startup that focuses on automated tools for detecting and refactoring security vulnerabilities, performance anti-patterns, and cloud issues, and that provides consultancy in Java, C++, Go, and cloud technologies.
She is a regular speaker at software conferences, including KubeCon, CodeOne, JavaOne, Devoxx, JFokus, and others. She was awarded the Oracle Groundbreaker Ambassador title in 2020 and 2021, and Oracle ACE Associate and Pro in 2022 and 2023. She was also named one of the Top 10 Women in Tech in Poland in 2016.
Her interests focus on automated software engineering, mainly static and dynamic analysis techniques to support software verification, optimization, and deployment.