Command and KubeCTL: Kubernetes Security for Pentesters and Defenders

Mark Manning

Cloud Village @ DEF CON 33 · Day 1 · Cloud Village

In this Cloud Village talk, Mark Manning, a seasoned expert in container security, delves into critical, real-world attack scenarios targeting Kubernetes environments, specifically focusing on vulnerabilities within container registries. The presentation aims to equip both pentesters with effective offensive strategies and defenders with actionable insights to harden their Kubernetes clusters. Manning challenges traditional network pentesting approaches when applied to ephemeral containerized systems, advocating for a more "operating system-like" perspective on Kubernetes security.

AI review

Manning delivers a technically grounded, practitioner-focused talk that earns its runtime — the whiteout file recovery angle is underappreciated in the wild and regge pillage gives it teeth, while the Vault image poisoning demo lands a concrete supply chain threat that most Kubernetes shops haven't fully internalized. Not groundbreaking research at the frontier of the field, but this is Cloud Village, not a kernel-pwn track, and the content is honest, specific, and immediately applicable.
