Red Team Village - Securing (and Pentesting) - TIB AV-Portal

Red Team Village - Securing (and Pentesting)

00:00

6

Fitzgerald, Kat

Formal Metadata

Title

Red Team Village - Securing (and Pentesting)

Subtitle

the Great Spaghetti Monster (k8s)

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Fitzgerald, Kat

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/49189 (DOI)

Publisher

Release Date

Language

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

We've all heard of it - Kubernetes - but do you really know what it is and, more importantly, how to set it up securely? The Great Spaghetti Monster isn’t too difficult to secure if you just stop and use common sense (wait, WHAT?) security best practices. These techniques are for everyone - even those who have been playing with Kubernetes for some time. Let’s talk about Docker, baby! You have to start somewhere, and containers are the place. Next, let’s intro Kubernetes and the magic world of orchestration and what it really means to orchestrate containers. A quick recorded demo of my raspberry pi cluster will be shown here. As the brief Kubernetes demo concludes, it’s time to bring in security by demonstrating the security plug-ins and tools used. Techniques are shown for best-in-show k8s security configuration. Remember this concept - “Common Sense”? Let’s see if we can apply it with some best practices and build out the secure cluster. The focus on this is security threats to a Kubernetes cluster, containers and the apps deployed. A review of typical attack vectors in containers and Kubernetes clusters are shown with fun and exciting(?) pentesting tools specifically formulated for k8s. Now the fun begins - we have secured our cluster and our containers but how can we be sure? Let’s put our blue-skills to the test with some red-skills and pentest our cluster. It’s time to present some live security testing tools that are best suited for testing k8s. This is where the rubber meets the road, or in this case, where, wait for it —– common sense prevails!!

Speech

Text

Image

00:00

Java appletAsynchronous Transfer ModeMonster groupPhilips CD-iRight angleMonster groupSoftware testingEntire functionPresentation of a groupTwitterKälteerzeugungMultiplication signMereology1 (number)Internet der DingeInformation securityStaff (military)CASE <Informatik>Process (computing)Computer animation

01:34

View (database)Position operatorAsynchronous Transfer ModeMessage passingInformation securityMessage passingPresentation of a groupHacker (term)WindowMathematicsInformation securityCybersexView (database)Default (computer science)Multiplication signInformationComputer animation

02:54

Information securityAsynchronous Transfer ModeSlide ruleMultiplication signExtension (kinesiology)Information securityPoint cloudPiWindowDemo (music)Slide ruleCausality

04:18

High-level programming languageInformation securityAsynchronous Transfer ModeSoftwareComputer architectureVulnerability (computing)Computer hardwareInformationUniqueness quantificationInformation securityMeasurementComputer animation

05:43

Asynchronous Transfer ModePort scannerInternetworkingWordSystem callVulnerability (computing)PasswordIncidence algebraRoot2 (number)Multiplication signSoftware bugConfiguration spaceComputer animation

07:07

Configuration spaceAsynchronous Transfer ModeIncidence algebraRootRight angleConfiguration spacePasswordSlide ruleVariable (mathematics)Type theoryCausalityNP-hardCodeComputer animation

08:10

Point cloudData miningAsynchronous Transfer ModeHacker (term)Default (computer science)Control flowGroup actionLimit (category theory)Process (computing)InterprozesskommunikationComputer networkMultilaterationWeb 2.0Cartesian coordinate systemNamespaceBefehlsprozessorVulnerability (computing)Group actionLimit (category theory)BitGame controllerProcess (computing)Combinational logicPhysical systemBroadcasting (networking)Social classAuthorizationInjektivitätPresentation of a groupSoftware testingDefault (computer science)Multiplication signSemiconductor memorySoftwareSlide ruleSequelNormal (geometry)Computer animation

12:14

Asynchronous Transfer ModeWindows RegistryGame controllerEntire functionCartesian coordinate systemDifferent (Kate Ryan album)File systemWebsiteInformation securityPhysical systemOperating systemMedical imagingNamespaceClient (computing)Computer hardwareTrailWordGroup actionMultiplication signComputer animation

14:16

Asynchronous Transfer ModeComputer-generated imageryPC CardLimit (category theory)Intrusion detection systemNamespaceComputer fileScaling (geometry)Token ringCartesian coordinate systemSoftware repositoryUniform resource locatorDatabaseData managementBenchmarkStress (mechanics)Key (cryptography)Multiplication signRootConfiguration spaceMedical imagingPoint cloudPhysical systemSlide ruleAttribute grammarConstructor (object-oriented programming)Software developerIntegrated development environmentQuicksortInformationLimit (category theory)Boom (sailing)Information securityRight angleGame controllerMobile appDefault (computer science)GoogolGodComputer animation

21:09

Asynchronous Transfer ModeWordComputer hardwareLibrary (computing)Operating systemLine (geometry)Virtual machineMobile appAdditionOperator (mathematics)Cartesian coordinate systemBinary fileRun time (program lifecycle phase)Computer animation

22:25

Asynchronous Transfer ModeService (economics)Vertex (graph theory)Component-based software engineeringAddress spaceStructural loadProxy serverServer (computing)Chemical equationPC CardIntegrated development environmentConnectivity (graph theory)MereologyInformation securityInternetworkingCartesian coordinate systemService (economics)Client (computing)DatabaseGroup actionExecution unitNumeral (linguistics)Virtual LANInstance (computer science)WebsiteIP addressSlide ruleChemical equationComputer animation

26:20

Asynchronous Transfer ModeHigh-level programming languageHacker (term)Perfect groupDefault (computer science)Local GroupInformation systemsServer (computing)Game controllerMobile appMereologyMiniDiscService (economics)Proxy serverRepresentation (politics)InternetworkingComputer animationEngineering drawing

27:22

Perfect groupDefault (computer science)Local GroupInformation systemsTransport Layer SecurityFirewall (computing)Flow separationRollenbasierte ZugriffskontrolleServer (computing)EncryptionKey (cryptography)Information securityBlogAsynchronous Transfer ModePoint (geometry)Slide ruleServer (computing)Backdoor (computing)Default (computer science)1 (number)NamespaceKeyboard shortcutAuthenticationCartesian coordinate systemData managementComputer fileEndliche ModelltheorieIntegrated development environmentRegular graphOnline helpLine (geometry)Pivot elementBlogRotationInformation securityConfiguration spaceSet (mathematics)Rollenbasierte ZugriffskontrolleKey (cryptography)InternetworkingGame controllerDependent and independent variablesPhysical systemTransport Layer SecurityComputer animation

31:36

Asynchronous Transfer ModeComputer-generated imageryInformation securityPC CardVideo GenieInternetworkingKnowledge-based systemsJenkins CIDisintegrationPort scannerObject-oriented programmingMultiplication signBenchmarkPoint (geometry)Cartesian coordinate systemCodeConfiguration spaceIntegrated development environmentVulnerability (computing)PC CardNumberBasis <Mathematik>InjektivitätLibrary (computing)Information securityInternetworkingMedical imagingBelegleserAreaPort scannerSoftware repositoryProduct (business)Process (computing)Plug-in (computing)Slide ruleGroup actionWindows RegistryCybersexServer (computing)Software developerRootRollenbasierte ZugriffskontrolleDirection (geometry)Reduced instruction set computingComputer animation

38:21

Asynchronous Transfer ModeBenchmarkPC CardTraffic reportingConfiguration spaceBenchmarkPhysical systemSoftware testingPC CardIntegrated development environmentInformation securityRead-only memoryPoint (geometry)File systemObject-oriented programmingComputer fileMobile appCompilation albumSet (mathematics)Computer animationSource code

40:02

Fluid staticsMathematical analysisWindows RegistryAsynchronous Transfer ModeSet (mathematics)Port scannerSoftware testingComputer-assisted translationInternetworkingCartesian coordinate systemDefault (computer science)Windows RegistryServer (computing)Entire functionMathematical analysisFluid staticsIntegrated development environmentFirewall (computing)BitRight angleLevel (video gaming)CASE <Informatik>PasswordSet (mathematics)Computer animation

42:37

Hacker (term)Server (computing)Reading (process)Kernel (computing)Mobile appComputer fileAsynchronous Transfer ModeData modelInformation securityComputer networkConfiguration spaceVulnerability (computing)Variable (mathematics)Computer fileSlide ruleConfiguration spaceCASE <Informatik>Cartesian coordinate systemBlogGame controllerSoftware bugSoftwareInformation securityFile systemRead-only memoryFirewall (computing)Key (cryptography)Integrated development environmentData managementSoftware testingRootMultiplication signHacker (term)Endliche ModelltheorieWorkloadMultilaterationServer (computing)Computer animation

47:26

Asynchronous Transfer ModeIntegrated development environmentPC CardRollenbasierte ZugriffskontrolleComputer networkMobile appGUI widgetPatch (Unix)LoginBenchmarkBlogCartesian coordinate systemInformation securityDisk read-and-write headPC CardHacker (term)Multiplication signIntegrated development environmentSoftwareGame controllerEndliche ModelltheoriePatch (Unix)Physical systemConfiguration spaceFile Transfer ProtocolTransport Layer SecurityRollenbasierte ZugriffskontrolleExplosionLoginComputer animation

51:19

Asynchronous Transfer ModeTwitterInformationIntegrated development environmentPresentation of a groupDescriptive statisticsYouTubeControl flowStreaming mediaWebsiteData conversionComputer-assisted translationComputer animation

Transcript: English(auto-generated)