As Kubernetes matures, gone are the days when an attacker could fully compromise a cluster just by taking over a pod and sending commands to the Kubernetes API service. RBAC and other Kubernetes security features force attackers to pivot at least once to find a vulnerable pod or service account with the right privileges to take over a cluster. The attack surface grows as the cluster gets bigger and more third-party applications are deployed. By understanding the attacker’s workflow and gaining visibility into the relevant connections, we can identify our cluster’s weak points and limit the attacker’s reach.
In this webinar, we will:
* Examine some common techniques that an attacker can use to gain intel about your cluster’s setup once they are inside
* Show a demo of an attacker gaining root access by impersonating a sample third-party application after exploiting a vulnerable API call
* Visualize the attack using Calico Enterprise and review mitigation strategies