Путь атакующего Kubernetes | Анастасия Березовская

How does an attacker progress from an application vulnerability to taking over a Kubernetes cluster? Using practical demos, we'll explore RCE, SSRF, container escape, dangerous Security Context and Linux Capabilities, as well as defenses such as Network Policies, Seccomp, Falco, and the principle of least privilege. 00:00 — Introduction and the Swiss Cheese Model 01:50 — Kubernetes Testing Infrastructure 04:02 — Remote Code Execution Vulnerabilities 05:50 — React to Shell Analysis 11:41 — React to Shell Exploitation Demo 13:45 — RCE Defenses 15:43 — SSRF Exploitation via Redis 22:07 — SSRF Defenses 24:05 — Code Execution via Langflow 28:31 — Open Source Security 29:18 — Containerization Basics 32:34 — How Namespaces Work 34:44 — Linux Capabilities 37:29 — Security Context in Kubernetes 38:54 — Privileged Container Escape 40:35 — Escape via CAP_SYS_PTRACE 43:14 — Node Access via Capabilities 45:33 — Obtaining Root Access and Security Measures 47:38 — Taking Over a Kubernetes Cluster

C++ vs. Rust: Yandex Userver vs. Axum. Who's the Blazing Winner?
▶︎

C++ vs. Rust: Yandex Userver vs. Axum. Who's the Blazing Winner?

Everything You Need to Know About Monitoring
▶︎

Everything You Need to Know About Monitoring

CI/CD — In Plain English with a Clear Example
▶︎

CI/CD — In Plain English with a Clear Example

If Not Mobilization, Then What?
▶︎

If Not Mobilization, Then What?

C++ 2026: безопасность, рефлексия, C++ vs Rust, будущее языка – Антон Полухин в Подлодке
▶︎

C++ 2026: безопасность, рефлексия, C++ vs Rust, будущее языка – Антон Полухин в Подлодке

CISO Avito: к чему инженеры ИБ должны готовиться уже СЕЙЧАС
▶︎

CISO Avito: к чему инженеры ИБ должны готовиться уже СЕЙЧАС

AI won't kill the profession, it'll just add more work (and it's always glitching) – Phil Ranzhin
▶︎

AI won't kill the profession, it'll just add more work (and it's always glitching) – Phil Ranzhin

Мобилизация в октябре: будет или нет?
▶︎

Мобилизация в октябре: будет или нет?

CISO Reveals the Whole Truth About a Career in Cybersecurity
▶︎

CISO Reveals the Whole Truth About a Career in Cybersecurity

The Java Story  |  The Official Documentary
▶︎

The Java Story | The Official Documentary

NETWORKING IN KUBERNETES
▶︎

NETWORKING IN KUBERNETES

Reticulum: How to Build a Network Without the Internet | A Deep Dive into Mesh Networks
▶︎

Reticulum: How to Build a Network Without the Internet | A Deep Dive into Mesh Networks

Нейросети Никогда не заменят программистов. И вот почему
▶︎

Нейросети Никогда не заменят программистов. И вот почему

Local AI Agents - EVERYTHING You Need to Know: Parameters, Hardware, Speed, Privacy
▶︎

Local AI Agents - EVERYTHING You Need to Know: Parameters, Hardware, Speed, Privacy

THE ENTIRE WORLD IS ALREADY HACKED: The Internet’s Scariest Investigation
▶︎

THE ENTIRE WORLD IS ALREADY HACKED: The Internet’s Scariest Investigation

🔞 Поперечный: Критика после ВПИСКИ | Может ли другая страна стать домом | "Оставшиеся" и "Уехавшие".
▶︎

🔞 Поперечный: Критика после ВПИСКИ | Может ли другая страна стать домом | "Оставшиеся" и "Уехавшие".

Google vs. the Kremlin: An Unexpected Turn in the Battle for the RuNet. It’s More Complicated Tha...
▶︎

Google vs. the Kremlin: An Unexpected Turn in the Battle for the RuNet. It’s More Complicated Tha...

How Do Hackers Work for the State? A Deep Dive Into Cybersecurity
▶︎

How Do Hackers Work for the State? A Deep Dive Into Cybersecurity

No Boss, No Money: The Raw Reality of China’s Gen-Z Freelancers
▶︎

No Boss, No Money: The Raw Reality of China’s Gen-Z Freelancers

The Linux Kernel is Falling Apart.
▶︎

The Linux Kernel is Falling Apart.