
Hacking Containers, Kubernetes and Clouds

Video duration: 00:26:14
Language: English
Abstract
Tokens are a powerful way of controlling access to REST APIs. Chasing them should be hard.

Unfortunately, there is a widespread habit of leaving tokens lying around, allowing very powerful attack vectors. An attack demonstrates how to hack an OpenShift cluster that is fully security compliant with the accepted standards of NIST and CIS. Hijacking a container gives full control of the cluster, including host access. If running in the cloud, the cluster can be used for further attacks, because the host has another token to the cloud API server. With this token, arbitrary accounts and cloud resources can be controlled, including virtual machines, storage and derived accounts.

This will be part of a set of trainings on Kubernetes security, open sourced at

https://github.com/thomasfricke/training-kubernetes-security

Talk ID: rc3-nowhere-247
Event: rc3-2021
Day: 1
Room: c-base
Start: 12:30 p.m.
Duration: 00:30:00
Track: None
Type of: Talk
Speaker: Thomas Fricke
Talk Slug & media link: rc3-2021-cbase-247-hacking-containers-kubernetes-and-clouds

Talk & Speaker speed statistics

Very rough underestimation:
119.4 wpm
673.2 spm