2022-07-06, 15:15–15:35 (Europe/Paris), Amphitheater
kdigger, short for "Kubernetes digger", is a context discovery tool for Kubernetes penetration testing. This tool is a compilation of various plugins called buckets to facilitate pentesting Kubernetes from inside a pod.
During this short session, I'll demonstrate a scenario of a multi-tenant attack in a Kubernetes cluster. I will explain the risks, look at how to prevent this kind of attack, and show how kdigger can speed up the discovery process of the environment.
On top of discovering a new tool, this presentation will give you an idea of how pentesters generally try to pivot in typical Kubernetes clusters.
Mahé Tardy is a Security R&D Engineer at Quarkslab specializing in Kubernetes security and enjoying any new tech a bit too much.