Pods Without Borders: Lateral Movement in Azure Kubernetes Service
Nishaanth Guna
fwd:cloudsec Europe 2025 · Day 2 · Main Room
Nishaanth Guna, a senior security consultant at **MDSec**, presented a series of real-world attack scenarios drawn from assumed-breach assessments against large-scale **Azure Kubernetes Service (AKS)** environments across banking institutions and critical infrastructure. The talk demonstrated how weak or absent network policies in AKS clusters can be systematically exploited for data exfiltration, tool staging, lateral movement to domain controllers across subscriptions, and privilege escalation via over-permissioned kubelet identities. Far from theoretical, every scenario came from production engagements where clients believed their environments were secure — and were often more upset about the findings than grateful for them.
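A defender-side check for the gap the talk centres on, weak or absent network policies, as an added example that is not from the talk or from MDSec. It classifies each namespace's egress NetworkPolicy coverage; the function names, status labels and sample policies are constructed for illustration.

```python
# Constructed sample, shaped like the "items" of `kubectl get networkpolicy -A -o json`.
def pol(ns, name, selector, types=None, egress=None):
    spec = {"podSelector": selector}
    if types is not None:
        spec["policyTypes"] = types
    if egress is not None:
        spec["egress"] = egress
    return {"metadata": {"namespace": ns, "name": name}, "spec": spec}

SAMPLE_POLICIES = [
    pol("payments", "default-deny-egress", {}, ["Egress"]),
    pol("payments", "allow-dns", {}, ["Egress"],
        [{"to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}}}],
          "ports": [{"protocol": "UDP", "port": 53}]}]),
    pol("batch", "egress-all", {}, ["Egress"], [{}]),
    pol("web", "frontend-egress", {"matchLabels": {"app": "frontend"}}, None,
        [{"to": [{"ipBlock": {"cidr": "10.0.0.0/16"}}]}]),
    pol("tools", "ingress-only", {}, ["Ingress"]),
]
SAMPLE_NAMESPACES = ["payments", "batch", "web", "tools", "legacy"]

def effective_types(spec):
    # API defaulting: Ingress is always implied; Egress only if egress rules exist.
    types = spec.get("policyTypes")
    if types:
        return set(types)
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def selects_all(selector):
    # An empty podSelector matches every pod in the namespace.
    return not selector.get("matchLabels") and not selector.get("matchExpressions")

def allows_any(rule):
    peers = rule.get("to") or []
    if not peers:
        return True  # a rule without 'to' permits every destination
    for peer in peers:
        block = peer.get("ipBlock") or {}
        if block.get("cidr") in ("0.0.0.0/0", "::/0") and not block.get("except"):
            return True
    return False

def audit_egress(policies, namespaces):
    report = {}
    for ns in namespaces:
        specs = [p["spec"] for p in policies
                 if p["metadata"]["namespace"] == ns and "Egress" in effective_types(p["spec"])]
        if not specs:
            report[ns] = "none"        # no pod is isolated for egress
        elif any(allows_any(r) for s in specs for r in s.get("egress") or []):
            report[ns] = "allow-any"   # policies are additive, so one open rule wins
        elif not any(selects_all(s.get("podSelector") or {}) for s in specs):
            report[ns] = "partial"     # only labelled pods are isolated
        else:
            report[ns] = "isolated"
        # Assumption: a network policy engine is enabled, otherwise nothing is enforced.
    return report
```

Namespaces reported as `none`, `allow-any` or `partial` are the ones to review first, since pods there can reach destinations outside what the workload needs.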
AI review
A hands-on, no-nonsense demonstration of real-world AKS exploitation from actual assumed-breach engagements. Every finding comes from production environments at banking and critical infrastructure clients, showing complete attack chains from pod compromise to domain controller access. This is what offensive cloud security research should look like — grounded in reality, not lab environments.