The Path Less Traveled: Abusing Kubernetes Defaults

Kubernetes is a container orchestration framework that is increasingly widely used in enterprise and elsewhere. While the industry is starting to pay some attention to Kubernetes security, there are many attack paths that aren’t well-documented, and are rarely discussed. This lack of information can make your clusters vulnerable. In this live demonstration-filled talk, we are going to walk through the Kubernetes control plane before using sigs.k8s.io/kind to show some of the attack surface exposed by a default configuration of Kubernetes. There will be multiple exploits involving various moving parts, including cluster takeovers and host escapes. We’ll show you mitigations, and then show you how to get around those. By Ian Coldwater and Duffie Cooley

Join Today
Kubernetes Zero to Hero: The Complete Beginner’s Guide (2025 Edition)
▶︎

Kubernetes Zero to Hero: The Complete Beginner’s Guide (2025 Edition)

Ghidra - Journey from Classified NSA Tool to Open Source
▶︎

Ghidra - Journey from Classified NSA Tool to Open Source

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

A Compendium of Container Escapes
▶︎

A Compendium of Container Escapes

Effective RBAC - Jordan Liggitt, Red Hat
▶︎

Effective RBAC - Jordan Liggitt, Red Hat

Command and KubeCTL: Real-World Kubernetes Security for Pentesters - Mark Manning (Shmoocon 2020)
▶︎

Command and KubeCTL: Real-World Kubernetes Security for Pentesters - Mark Manning (Shmoocon 2020)

Kubernetes Hacking: From Weak Applications to Cluster Control
▶︎

Kubernetes Hacking: From Weak Applications to Cluster Control

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro
▶︎

DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!
▶︎

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Practical Approach to Automate the Discovery & Eradication of Open-Source Software Vulnerabilities
▶︎

Practical Approach to Automate the Discovery & Eradication of Open-Source Software Vulnerabilities

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
▶︎

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
▶︎

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

Kubernetes Crash Course for Absolute Beginners [NEW]
▶︎

Kubernetes Crash Course for Absolute Beginners [NEW]

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains
▶︎

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Life of a Packet [I] - Michael Rubin, Google
▶︎

Life of a Packet [I] - Michael Rubin, Google

LISA19 - Deep Dive into Kubernetes Internals for Builders and Operators
▶︎

LISA19 - Deep Dive into Kubernetes Internals for Builders and Operators

Cybersecurity Architecture: Networks
▶︎

Cybersecurity Architecture: Networks

RL for Agents Workshop - Deep Dive on Training Agents with RL and Open Source
▶︎

RL for Agents Workshop - Deep Dive on Training Agents with RL and Open Source

Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]
▶︎

Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]

Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
▶︎

Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities