Beyond the surface - exploring attacker persistence strategies in Kubernetes
Kubernetes has been put to great use by a wide variety of organizations to manage their workloads, as it hides away a lot of the complexity of managing and scheduling containers. But with each added layer of abstraction, there can be new places for attackers to hide in darkened corners.
This talk will examine how attackers can (ab)use little known features of Kubernetes and the components that are commonly deployed as part of cloud-native containerized workloads to persist in compromised systems, sometimes for years at a time. We’ll also pinpoint places where, if you don’t detect the initial attack, it might be very difficult to spot the attacker lurking in your cluster.
This talk was delivered at Cloud Native Rejekts 2024, there’s a recording from that event here