Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson

Update: 2024-05-28

Description

In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.

They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.

You will learn:

How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.
How they moved laterally and managed to obtain push and pull rights to a private container registry.
Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.

More info

Find all the links and info for this episode here: https://ku.bz/yr16qNTFx
Interested in sponsoring an episode? Learn more.

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Exploring multi-tenancy for my Kubernetes learning platform, with Stefan Roman

2024-12-1046:02

Optimize the Kubernetes dev experience by creating silos, with Michael Levan

2024-12-0347:20

Rebuilding my homelab: suffering as service, with Xe iaso

2024-11-1942:50

The hater's guide to Kubernetes, with Paul Butler

2024-11-1243:25

Kubernetes webhooks explained and Aspect Oriented Programming, with Gordon Myers

2024-11-0526:29

98% faster data imports in deployment previews, with Nick Nikitas

2024-10-2919:04

When Kubernetes and Go don't work well together, with Emin Laletović

2024-10-2225:56

Declarative configuration and the Kubernetes Resource Model, with Brian Grant

2024-10-1552:30

Comparing GitOps: Argo CD vs Flux CD, with Andrei Kvapil

2024-10-0830:37

Kubernetes is simple: it's just Linux, with Eric Jalal

2024-10-0148:50

Configuring requests & limits with the HPA at scale, with Alexandre Souza

2024-09-2452:43

Tortoise: outpacing the optimization challenges in Kubernetes, with Kensei Nakada

2024-09-1758:49

How we are managing a container platform with Kubernetes, with Ángel Barrera Sánchez

2024-09-1049:02

The basics of observing Kubernetes: a bird-watcher's perspective, with Miguel Luna

2024-09-0342:38

Abusing Distroless containers: shell commands on shell-less containers, with Harsha Koushik

2024-08-2731:22

The ticking supply chain attack bomb of exposed Kubernetes secrets, with Assaf Morag and Yakir Kadkoda

2024-06-1850:40

From 0 to 10k builds a week with self-hosted Jenkins on Kubernetes, with Stéphane Goetz

2024-06-1148:06

Platform engineering: learning from the Kubernetes API, with Sven Hans Knecht

2024-06-0455:30

Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson

2024-05-2844:26

CoreDNS will fail you at scale (with default settings), with Mohamed Hamdan Faris S M

2024-05-2134:50

00:00

Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson

#box-pro-ellipsis-173486817626819{-webkit-line-clamp:2;}Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson

Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson

Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson