Kubernetes is an extremely popular, open source container orchestration system, that is used by organizations large and small. Kubernetes’s design philosophy leaves security to the system administrators, letting them pick and choose which security mechanisms they want to enable or disable. As such, it can leave Kubernetes deployments quite vulnerable. In an attempt to abuse this fact, we began looking for potential exploitation avenues. Eventually, we were able to identify several vulnerabilities in different Kubernetes components that could enable a low privileged attacker to execute code, escalate privileges and exfiltrate data. We also found flaws in Kubernetes sidecar project: “gitsync”. while writing a blog post on the subject we again found a command injection vulnerability in the logging feature. Some of these flaws will not be patched, meaning mitigation hinges only on the awareness of security personnel. In this talk we will go through the methodology we used to find these kinds of vulnerabilities, share our thought process on how to exploit them and show how attackers can easily execute commands with SYSTEM privileges. We will also discuss Kubernetes’s design philosophy and how it can allow these types of opportunities.
Tomer is a senior security researcher at Akamai security group. In his daily job, he conducts research ranging from vulnerability research to OS internals. You can find him on X, formerly known as Twitter, @TomerPeled92
Saturday April 5, 2025 11:30am - 11:55am EDT
Track 2, 5 Wayside Rd5 Wayside Rd, Burlington, MA 01803, USA
