Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson | KubeFM

KubeFM

In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.
They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.
You will learn:
- How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.
- How they moved laterally and managed to obtain push and pull rights to a private container registry.
- Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.
Find all the links and info for this episode here: kube.fm/hacking-alibaba-ronen...
===
Interested in sponsoring a KubeFM episode? kube.fm/sponsorships
===
CHAPTERS
=========
00:00 Intro
00:27 Emerging tools
01:49 Hillai and Ronen’s background
05:12 Follow your curiosity
05:54 Staying updated on Kubernetes
07:28 Offensive security research
11:30 PostgreSQL vulnerabilities in the cloud
13:31 PostgreSQL code execution
15:12 PostgreSQL on Kubernetes: Alibaba’s approach
17:04 Container security misconfigurations and risks
19:54 Creativity in security research
22:08 Exploiting SCP for container escalation
23:59 Gaining node access via Container Engine API
24:58 Kubelet misconfiguration exposed
26:55 Responsibly disclosing flaws and next steps
29:37 Containers not a strong security barrier
32:15 Peach: a framework for cloud isolation
34:31 Considerations for isolated multi-tenancy
37:07 Security is for everyone
40:10 White hat, black hat
42:05 Hugging Face
43:02 Outro
LISTEN ON
=========
- Apple Podcasts kube.fm/apple
- Spotify kube.fm/spotify
- Amazon Music kube.fm/amazon
- Overcast kube.fm/overcast
- Pocket Casts kube.fm/pocket-casts
- Deezer kube.fm/deezer
