A Commencement into Real Kubernetes Security
Jay Beale, Mark Manning
ShmooCon XX (Final) · Day 2 · Belay It
In "A Commencement into Real Kubernetes Security," Mark Manning and Jay Beale challenge conventional wisdom surrounding Kubernetes security, urging practitioners to shift their focus from theoretical, "scariest" threats to practical, real-world attack vectors. The talk highlights a significant disconnect between what is commonly taught or assumed about securing Kubernetes environments and the actual vulnerabilities exploited by adversaries in production. Manning and Beale, both seasoned practitioners in Kubernetes penetration testing and cloud security, leverage their extensive consulting experience to expose these disparities.
AI review
This session, "A Commencement into Real Kubernetes Security," is a brutally honest and technically profound examination of practical Kubernetes threats versus perceived ones. The speakers, clearly seasoned practitioners, dismantle common misconceptions surrounding container hardening via seccomp and the overemphasis on CVE remediation. They demonstrate with original research and tools (seccomp-diff, Peirates) how even "compliant" clusters remain vulnerable to RBAC misconfigurations and admission control bypasses. It's a critical call to prioritize realistic attack vectors over security…