Hacking Alibaba Cloud’s Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson | KubeFM
In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of *hacking Alibaba Cloud’s Kubernetes cluster*.
They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.
You will learn:
– How Hillai and Ronen *gained access to a Kubernetes cluster through a Postgres database.*
– How they *moved laterally and managed to obtain push and pull rights* to a private container registry.
– Recommendations for *securing multi-tenant Kubernetes clusters* and maintaining environment hygiene.
CHAPTERS
=========
00:00 Intro
00:27 Sponsor
00:52 Emerging tools
02:13 Hillai and Ronen’s background
05:36 Follow your curiosity
06:18 Staying updated on Kubernetes
07:51 Offensive security research
11:54 PostgreSQL vulnerabilities in the cloud
13:55 PostgreSQL code execution
15:36 PostgreSQL on Kubernetes: Alibaba’s approach
17:27 Container security misconfigurations and risks
20:18 Creativity in security research
22:32 Exploiting SCP for container escalation
24:22 Gaining node access via Container Engine API
25:21 Kubelet misconfiguration exposed
27:18 Responsibly disclosing flaws and next steps
30:01 Containers not a strong security barrier
32:39 Peach: a framework for cloud isolation
34:55 Considerations for isolated multi-tenancy
37:31 Security is for everyone
40:33 White hat, black hat
42:29 Hugging Face
43:26 Outro