Keep Hackers Out of Your Cluster with These 5 Simp... Christophe Tafani-Dereeper & Frederic Baguelin

Поделиться
HTML-код
  • Опубликовано: 20 мар 2024
  • Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at kubecon.io
    Keep Hackers Out of Your Cluster with These 5 Simple Tricks - Christophe Tafani-Dereeper & Frederic Baguelin, Datadog
    Many options are available to increase the security posture of a Kubernetes cluster. But which ones to prioritize, and why? In this talk, we take a data-based and threat-informed approach to prioritizing security investments. We start by describing the attacks we've seen over the past year on a network of Docker and Kubernetes honeypots we've deployed publicly-facing on the internet, mimicking the Docker API, Kubernetes API server, and Kubelet API to catch what attackers are doing in the wild. Then, we review several high-profile container escape vulnerabilities and how they've been exploited in the wild. Based on this, we list the most common ways attackers attempt to deploy malicious workloads, backdoor a cluster, or escape containers-and what are the most effective and "bang for your buck" security mechanisms that you can implement in your own cluster.
  • НаукаНаука

Комментарии • 4

  • @kadkoda
    @kadkoda 3 месяца назад

    Great session!

  • @joebowbeer
    @joebowbeer Месяц назад

    02:23 Threat modeling (managed) Kubernetes clusters
    23:02 Get the control plane basics right
    24:32 Block the cloud metadata service from workloads
    26:10 Understand cloud privileges of your workloads; 26:38 mkat
    27:09 Be intentional about what can run in your cluster
    28:30 Application security matters
    29:18 Advanced techniques; 31:16 kubehound

  • @joebowbeer
    @joebowbeer Месяц назад

    Why this caution? Because threat intelligence may be incomplete?
    7:35 Threat intelligence should (only) drive prioritization

Следующие
Автовоспроизведение
Federated IAM for Kubernetes with OpenFGA - Jonathan Whitaker, Okta35:11Federated IAM for Kubernetes with OpenFGA - Jonathan Whitaker, Okta
Federated IAM for Kubernetes with OpenFGA - Jonathan Whitaker, OktaCNCF [Cloud Native Computing Foundation]
Просмотров 1 тыс.
Event-Driven Architecture (EDA) vs Request/Response (RR)12:00Event-Driven Architecture (EDA) vs Request/Response (RR)
Event-Driven Architecture (EDA) vs Request/Response (RR)Confluent
Просмотров 131 тыс.
Kubernetes Hacking: From Weak Applications to Cluster Control36:22Kubernetes Hacking: From Weak Applications to Cluster Control
Kubernetes Hacking: From Weak Applications to Cluster ControlJohn Hammond
Просмотров 61 тыс.
Cheap vs. Expensive Jet Skis29:08Cheap vs. Expensive Jet Skis
Cheap vs. Expensive Jet SkisCboysTV
Просмотров 1,3 млн
Stray Kids "Stray Kids" Video03:25Stray Kids "Stray Kids" Video
Stray Kids "Stray Kids" VideoStray Kids
Просмотров 2,5 млн
OFFLINETV CRAFT MOLTEN GLASS21:28OFFLINETV CRAFT MOLTEN GLASS
OFFLINETV CRAFT MOLTEN GLASSOfflineTV
Просмотров 593 тыс.
Champions 2024 Skin Reveal Trailer // VALORANT01:35Champions 2024 Skin Reveal Trailer // VALORANT
Champions 2024 Skin Reveal Trailer // VALORANTVALORANT
Просмотров 652 тыс.
Turns out REST APIs weren't the answer (and that's OK!)10:38Turns out REST APIs weren't the answer (and that's OK!)
Turns out REST APIs weren't the answer (and that's OK!)Dylan Beattie
Просмотров 126 тыс.
Webinar | Kubernetes on bare metal: ready for prime time!1:05:13Webinar | Kubernetes on bare metal: ready for prime time!
Webinar | Kubernetes on bare metal: ready for prime time!Spectro Cloud
Просмотров 3,1 тыс.
Docker Networking Tutorial (Bridge - None - Host - IPvlan - Macvlan - Overlay)20:30Docker Networking Tutorial (Bridge - None - Host - IPvlan - Macvlan - Overlay)
Docker Networking Tutorial (Bridge - None - Host - IPvlan - Macvlan - Overlay)Anton Putra
Просмотров 21 тыс.
The Edge of Observability: How Chick-fil-A Observes a Fleet of 2800 Restaurant-deployed K8s Clusters22:37The Edge of Observability: How Chick-fil-A Observes a Fleet of 2800 Restaurant-deployed K8s Clusters
The Edge of Observability: How Chick-fil-A Observes a Fleet of 2800 Restaurant-deployed K8s ClustersDatadog
Просмотров 17 тыс.
The $64M Race to Save the Eiffel Tower12:46The $64M Race to Save the Eiffel Tower
The $64M Race to Save the Eiffel TowerThe B1M
Просмотров 638 тыс.
Do NOT Learn Kubernetes Without Knowing These Concepts...13:01Do NOT Learn Kubernetes Without Knowing These Concepts...
Do NOT Learn Kubernetes Without Knowing These Concepts...Travis Media
Просмотров 259 тыс.
Datadog on Data Science1:00:23Datadog on Data Science
Datadog on Data ScienceDatadog
Просмотров 1,3 тыс.
Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!29:41Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!
Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!TechWorld with Nana
Просмотров 184 тыс.
Container vs. Pod vs. Deployment vs. StatefulSet: Kubernetes Tutorial26:34Container vs. Pod vs. Deployment vs. StatefulSet: Kubernetes Tutorial
Container vs. Pod vs. Deployment vs. StatefulSet: Kubernetes TutorialAnton Putra
Просмотров 12 тыс.
😅Как ПО-НАСТОЯЩЕМУ идеально наклеить защитное стекло Доверяйте профессионалам 🤗00:27😅Как ПО-НАСТОЯЩЕМУ идеально наклеить защитное стекло Доверяйте профессионалам 🤗
😅Как ПО-НАСТОЯЩЕМУ идеально наклеить защитное стекло Доверяйте профессионалам 🤗Pochinka_blog
Просмотров 21 тыс.
Роскомнадзор блокирует VPN сервисы. Apple помогает?12:00Роскомнадзор блокирует VPN сервисы. Apple помогает?
Роскомнадзор блокирует VPN сервисы. Apple помогает?Первый отдел
Просмотров 33 тыс.
КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS225:51КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS2
КУПИЛ САМЫЙ ПОПУЛЯРНЫЙ ПК ARDOR GAMING в DNS для CS2JOSKIY
Просмотров 140 тыс.
Самая редкая видеокарта NVIDIA01:00Самая редкая видеокарта NVIDIA
Самая редкая видеокарта NVIDIAFosters PC
Просмотров 256 тыс.
 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof 00:50 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof 
 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof Rj Mobile 01
Просмотров 15 млн
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled00:19Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled
Looks very comfortable. #leddisplay #ledscreen #ledwall #eagerled LED Screen Factory-EagerLED
Просмотров 11 млн
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )00:39Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )
Невероятная находка!😱 ( @vitaskhr Подписывайтесь на него )EpicShortsRussia
Просмотров 609 тыс.
 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof 00:50 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof 
 14 Pro Max premium case white colour with metal camera ring free  heart case scratch proof Rj Mobile 01
Просмотров 15 млн