KubeCon + CloudNativeCon Europe 2022
In-person + Virtual
16-20 May
Wednesday, May 18 • 11:55 - 12:30
Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry

The explosive growth of Kubernetes has left security professionals scrambling to deploy innovative tools to address the inherent security risks. One such tool is The Falco Project, an incubating CNCF tool for detecting malicious activity at run time. Falco, like many security tools, has some gaps. This talk highlights these gaps by introducing various techniques to silently bypass the default Falco ruleset (based on the Falco v0.30.0 release). Attendees will learn 9 different classes of bypasses, 7 of which are novel and have never been presented. The bypasses allow for stealthy target enumeration, privilege escalation and lateral movement. To aid with bypass automation, Shay will introduce a special container image and multiple code snippets built specifically for Falco bypasses. To wrap up, we will apply the bypass techniques to the securekubernetes cluster (presented at KubeCon NA 2019) and demonstrate how an attacker can achieve full cluster compromise without tripping the SOC.

Shay Berkovich

Threat Research, Wiz
Shay is part of the Threat Research team at Wiz, working on various aspects of container security with an emphasis on emerging Kubernetes threats. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security research...

Wednesday May 18, 2022 11:55 - 12:30 CEST
Viewable In Platform Feria Valencia