Talks

2024

• Beyond the surface - exploring attacker persistence strategies in Kubernetes 17 Mar

2023

• The secret life of Kubernetes containers 17 Oct
• Containers for Pentesters 27 May
• Malicious Compliance - Reflections on Trusting Container Scanners 21 Apr
• Spec Driven Research for Fun and Profit 03 Mar
• The myriad paths to improving open source security 07 Feb

2022

• In theory, there’s no difference between practice and theory 23 Nov
• Admission control in Kubernetes 10 Jun
• Too Much to Choose – Making Sense of a Smorgasbord of Security Standard 20 May
• First Steps to Full Lifecycle Security with Open Source Tools 17 May

2021

• An Introduction to Container Hacking 25 Nov
• Cluster Wrangling. How to make Kubernetes clusters secure and usable 12 Nov
• Adventures in Container Vulnerability Scanning 14 Oct
• Exploiting a slightly peculiar volume configuration with SIG-Honk 13 Oct
• Getting Started with Kubernetes Security 19 Sep

2020

• Hacking and Hardening in the Cloud Native Garden 20 Nov
• Compromising Containers and Clusters 17 Apr

2019

• Cloudy Clusters Catastrophe? 19 Jun

2018

• A Hacker's Guide to Kubernetes and the Cloud 07 May
• Night Of The Living Dead Pentest 31 Jan

2016

• Docker - Security Myths, Security Legends 04 Jul

2015

• Security and Modern software development 21 May

2013

• Your Framework Will Fail You 12 May
• Pen Test Automation 16 Jan

2012

• Shadowboxing your way to a secure application 29 Jun

2011

• 10 years of application security 15 Oct
• Penetration testing must die 11 Apr
• Practical strategies for securing your web application 07 Apr

2010

• Breaking things with ruby 26 Mar

2009

• Web Application Security. Rails and the OWASP Top 10 27 Mar