Don't trust Rufus, he's a mole - introducing KIEMPossible

Golan Myers

Cloud Village @ DEF CON 33 · Day 1 · Cloud Village

In his Cloud Village talk, "Don't trust Rufus, he's a mole - introducing KIEMPossible," Golan Myers, a Security Researcher at Palo Alto Networks, examines Kubernetes identity and access management (IAM), an area that is intricate and often opaque. The presentation highlights a pervasive challenge for organizations: gaining clear visibility into who (or what) holds which permissions within their Kubernetes clusters, which permissions they actually *need*, and how those permissions are actually being used. Myers introduces **KIEMPossible**, an open-source tool written in Go and designed to provide comprehensive Kubernetes Infrastructure Entitlement Management, helping security teams and DevOps engineers untangle this complexity.

AI review

Competent, practitioner-focused Kubernetes IAM research with a useful open-source tool. The problem framing is solid and the shadow-user / GKE groups-claim blind spot findings are genuinely useful, but this is more 'thorough engineering writeup' than novel attack research — the core ideas build on well-established prior work rather than breaking new ground.
