Andrew Martin
Hacking Kubernetes: Live Demo Marathon
#1 about 8 minutes
Understanding the Kubernetes threat landscape and adversaries
Threat modeling helps build appropriate security controls by identifying potential adversaries, from script kiddies to organized crime.
#2 about 3 minutes
Demonstrating a supply chain attack using NPM hooks
A malicious NPM package can use a preinstall hook to execute arbitrary code and exfiltrate sensitive files like SSH or cloud keys from a developer's machine.
#3 about 12 minutes
Gaining a reverse shell through pod misconfigurations
An attacker can gain a reverse shell and break out of a container by exploiting pod misconfigurations like privileged mode and sharing the host PID namespace.
#4 about 9 minutes
Executing a container breakout using the Dirty Pipe vulnerability
The Dirty Pipe vulnerability allows an unprivileged user to overwrite root-owned files, enabling a container breakout by patching the runc binary in memory.
#5 about 7 minutes
Pivoting post-breakout to steal secrets from other pods
After gaining root on a node, an attacker can pivot by enumerating the host filesystem to find and steal secrets mounted into other pods running on the same node.
#6 about 5 minutes
Using canary tokens as a last line of defense
Embedding canary tokens, which are credentials with no permissions, provides a tripwire that triggers an intrusion detection alert when an attacker attempts to use them.