Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty

DerbyCon 9.0 - Finish Line

Presented by: James Condon
Date: Saturday September 07, 2019
Time: 09:30 - 10:00
Location: Stable Talks

How are Kubernetes cluster’s being compromised in the wild? Come to this talk to find out! There aren’t a whole lot of public reports on successful attacks against Kubernetes clusters, so I plan to demystify how these occur. In this talk, I will walk through the compromise of a Kubernetes honeypot. (You will be surprised at how long it took!). Next, I expand this research to survey other Kubernetes clusters for signs of similar compromise. I will share research on how hundreds of other clusters have been compromised from multiple threat actors. Join me for a tale of Kubernetes, plunder, and cryptobooty.

James Condon

James Condon is Director of Research at Lacework. James is a security veteran with over 10 years of experience in incident response, intelligence analysis, and automated threat detection. James was previously Director of Threat Research at ProtectWise (acquired by Verizon), an Incident Analyst for Mandiant, and a Special Agent in USAF OSI.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats