Tutorial: Hacking up a Storm With Kubernetes - Rory McCune, Datadog; Marion McCune & Iain Smart
Rory McCune, Datadog, Marion McCune, Iain Smart
KubeCon + CloudNativeCon Europe 2025 · Tutorial
This tutorial, "Hacking up a Storm With Kubernetes," presented primarily by Rory McCune of Datadog, offers a compelling journey into the intricacies of Kubernetes security through the lens of a hacking scenario. The talk aims to demystify complex security concepts by demonstrating how a seemingly innocuous developer attempting to deploy an application can escalate privileges and ultimately compromise a Kubernetes cluster. McCune's personal goal for the session was for every attendee to leave with at least one new insight into Kubernetes security, a goal he demonstrably achieved by revealing several lesser-known features and potential misconfigurations.
AI review
This tutorial by Rory McCune is a brutal, yet essential, masterclass in Kubernetes cluster compromise. It dissects a multi-stage attack path from a seemingly innocent developer deployment to full node root and persistent cluster administration. The session excels in revealing lesser-known Kubernetes security nuances, such as the implicit "escalate" verb within RBAC star permissions, the bypass of Pod Security Admission via namespace label manipulation, and a vivid demonstration of the unpatchable CVE-2020-8554. This isn't just theory; it's a live-fire exercise in how to break and…