KubeCon + CloudNativeCon Europe 2022, In-person + Virtual, 16-20 May

Wednesday, May 18 • 14:30 - 15:05
Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms - Yuval Avrahami & Shaul Ben Hai, Palo Alto Networks


Security teams work to prevent the next container escape while attackers do the opposite. Inevitably, we sometimes lose this battle, but we can still win the fight! It's all about *containing* the next container escape - making sure a rogue node cannot take over the entire cluster. K8s has done a great job at de-privileging the node agent, the Kubelet, but nodes also host other credentials - their pods' service account tokens. Following an escape, the attacker can easily harvest and abuse tokens of neighboring pods.

In this talk, Yuval and Shaul will introduce the concept of Trampoline Pods - pods so powerful that if their node goes rogue, it could launch devastating attacks against the cluster and in some cases completely take over it. Covering managed K8s services and common cluster add-ons, they'll reveal the trampoline pods installed by popular K8s platforms. They'll also demo exploits, discuss mitigations, and release rbac-police: a tool that detects trampoline pods and K8s privEscs.
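The escalation path the abstract describes (a compromised node harvesting the service account tokens mounted into its pods and using their RBAC grants against the rest of the cluster) can be checked against a cluster's RBAC objects. The script below is an added example written for this page; it is not rbac-police or any other code by the speakers. It runs over a small inventory of pods, roles and bindings that is constructed inline and hypothetical, and its risk rules (cluster-admin wildcards, creating or exec-ing into pods outside the pod's own namespace, reading secrets outside it, RBAC escalate/bind/create-binding rights) are this example's own simplifications, not the tool's policies.

```python
"""Trampoline-pod finder: added example, not rbac-police. The inventory below is
constructed and hypothetical; on a real cluster you would load the same objects
from `kubectl get pods,clusterroles,roles,clusterrolebindings,rolebindings -A -o json`."""
from collections import defaultdict

CLUSTER = "*"   # scope marker for cluster-wide grants; a grant is (scope, group, resource, verb)

# (namespace, pod, node, serviceAccount, automountServiceAccountToken)
PODS = [
    ("kube-system", "addon-controller-7d9f", "node-a", "addon-controller", True),
    ("kube-system", "kube-proxy-k2x8", "node-a", "kube-proxy", True),   # no RBAC bindings
    ("default", "web-1", "node-b", "default", True),
    ("ci", "runner-1", "node-b", "runner", True),
    ("monitoring", "agent-1", "node-b", "agent", False),   # token not mounted
]
CLUSTER_ROLES = {
    "addon-admin": [{"apiGroups": [""], "resources": ["pods", "secrets"],
                     "verbs": ["get", "list", "create", "delete"]}],
    "all-powerful": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
ROLES = {  # keyed by (namespace, name)
    ("ci", "runner-role"): [{"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "list"]}],
}
CLUSTER_ROLE_BINDINGS = [  # (clusterRole, saNamespace, saName)
    ("addon-admin", "kube-system", "addon-controller"),
    ("all-powerful", "monitoring", "agent"),
]
ROLE_BINDINGS = [  # (bindingNamespace, roleRefKind, roleRefName, saNamespace, saName)
    ("ci", "Role", "runner-role", "ci", "runner"),
    ("ci", "ClusterRole", "addon-admin", "default", "default"),  # cross-namespace grant
]

def _expand(rules, scope):
    """Flatten PolicyRules into (scope, group, resource, verb) tuples."""
    return {(scope, g, r, v) for rule in rules for g in rule.get("apiGroups", [""])
            for r in rule["resources"] for v in rule["verbs"]}

def effective_permissions():
    """(saNamespace, saName) -> grants. A ClusterRoleBinding grants cluster-wide; a
    RoleBinding grants only in its namespace, even when it references a ClusterRole."""
    perms = defaultdict(set)
    for role, ns, sa in CLUSTER_ROLE_BINDINGS:
        perms[(ns, sa)] |= _expand(CLUSTER_ROLES.get(role, []), CLUSTER)
    for bns, kind, name, ns, sa in ROLE_BINDINGS:
        rules = CLUSTER_ROLES.get(name, []) if kind == "ClusterRole" else ROLES.get((bns, name), [])
        perms[(ns, sa)] |= _expand(rules, bns)
    return perms

def grant_scopes(perms, verb, resource, group=""):
    """Scopes (namespaces or CLUSTER) allowing verb on group/resource; '*' matches anything."""
    return {s for s, g, r, v in perms
            if g in (group, "*") and r in (resource, "*") and v in (verb, "*")}

def _where(scopes):
    return "cluster-wide" if CLUSTER in scopes else "in " + ", ".join(sorted(scopes))

def assess(own_ns, perms):
    """This example's own heuristics for 'can this token reach beyond its node?'.
    Grants confined to the pod's own namespace are deliberately ignored."""
    findings = []
    if CLUSTER in grant_scopes(perms, "*", "*", "*"):
        findings.append("wildcard grant on all resources (cluster-admin equivalent)")
    for res in ("pods", "pods/exec"):   # run, or exec into, a pod as any SA of that namespace
        scopes = grant_scopes(perms, "create", res) - {own_ns}
        if scopes:
            findings.append(f"create {res} {_where(scopes)}: can obtain any service account token there")
    for verb in ("get", "list"):
        scopes = grant_scopes(perms, verb, "secrets") - {own_ns}
        if scopes:
            findings.append(f"{verb} secrets {_where(scopes)}: can read stored tokens and credentials")
    for verb, res in (("escalate", "clusterroles"), ("bind", "clusterroles"),
                      ("create", "clusterrolebindings")):
        if grant_scopes(perms, verb, res, "rbac.authorization.k8s.io"):
            findings.append(f"{verb} {res}: can grant itself more RBAC")
    return findings

def trampoline_pods_by_node():
    """node -> [(namespace/pod, namespace/serviceaccount, findings)] for pods whose
    mounted token would let a compromised node escalate."""
    perms, by_node = effective_permissions(), defaultdict(list)
    for ns, pod, node, sa, automount in PODS:
        if not automount:
            continue   # no token on the node, nothing to harvest
        findings = assess(ns, perms.get((ns, sa), set()))
        if findings:
            by_node[node].append((f"{ns}/{pod}", f"{ns}/{sa}", findings))
    return dict(by_node)

if __name__ == "__main__":
    for node, pods in trampoline_pods_by_node().items():
        for pod, sa, findings in pods:
            print(f"{node}: {pod} (token of {sa}) -> " + "; ".join(findings))
```

Two details in the constructed data are the ones worth checking for on a real cluster: the `default` service account in `default` is a trampoline only because a RoleBinding in another namespace hands it `addon-admin` there, which a per-namespace review of `default` would miss; and the all-powerful `agent` pod is not reported because its token is never mounted (`automountServiceAccountToken: false`), which is exactly the mitigation that takes a credential off the node. Since Kubernetes 1.24, service account tokens are no longer auto-stored as Secrets, but a cluster-wide `get`/`list` on secrets still exposes whatever other credentials are kept there, so that rule stays relevant.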


Yuval Avrahami

Principal Security Researcher, Palo Alto Networks
Yuval Avrahami is a principal security researcher at Palo Alto Networks, dealing with hacking and securing anything related to containers and cloud. Yuval found and disclosed numerous vulnerabilities across the cloud-native landscape, including container breakouts, Kubernetes CVEs...
Shaul Ben Hai

Security Researcher, Palo Alto Networks
Shaul Ben Hai is a security researcher at Palo Alto Networks, focusing on open source vulnerabilities in the context of cloud and container security. Shaul spent the last year researching vulnerabilities in open source frameworks and libraries and building innovative solutions that...

Wednesday May 18, 2022 14:30 - 15:05 CEST
Auditorium 1A | Event Center Feria Valencia