Bsides Seattle 2020

Learn to attack and defend the container orchestration system, Kubernetes, in this demo-heavy, Avengers-themed talk. As one of the hottest open source projects history, Kubernetes is no longer the primary realm of west coast technology firms.  A tremendous number of companies' engineering teams have begun running clusters. Information security professionals and DevOps engineers both need to understand the attacks and defenses against Kubernetes clusters, microservice-based applications and cloud environments. In this talk, we'll demonstrate Kubernetes attacks against the open source Bust-a-Kube cluster. We'll break the attacks with a host of defensive technologies, including configuration hardening, open source admission controllers and multiple competing container security tools. Every tool we use for attack or defense is freely-available. We'll perform our attacks manually, but also demonstrate a free tool, Peirates, that automates a portion of these attacks. Come learn to attack and defend Kubernetes!