Dangers of Kubernetes IAM Integrations
On a recent Kubernetes security assessment, Josh Makinen and I were provided restricted access to a GKE cluster and we noticed some disparity between our accounts’ access even though we were given the same permissions. This lead us into diving a bit deeper into how Kubernetes handles permission controls when integrating with a cloud provider. […]
Deep Dive into Real-World Kubernetes Threats
On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for […]