An organization using micro services or any other distributed architecture rely heavily on containers and orchestration engines like Kubernetes and as such its infrastructure security is paramount to its business operations. This talk will focus on how attackers can break into docker container and Kubernetes clusters to gain access, escalate privileges to infrastructure by using misconfigurations and application security vulnerabilities. Speaker will share examples of real-world security issues found in penetration testing engagements to showcase mapping of the attack usually happens in the real world.
By the end of the talk participants will able to identify and exploit vulnerabilities in applications running on containers inside Kubernetes clusters. The key takeaway for audience will be learning from these scenarios how they can assess their environments and fix them before attackers gain control over their infrastructure.