Paul Barbé
Hi, I'm Paul Barbé, a pentester and red team operator at Synacktiv, a French firm dedicated to offensive information security. Over the last 4 years, I have participated in a wide variety of offensive assessments, which has led me to develop an interest in cloud technologies. I share the knowledge I've gained about these technologies by serving as a trainer for our clients and student clubs.
I have published some advisories in the past, such as https://www.synacktiv.com/sites/default/files/2023-02/Advisory_Oracle_APS_JAPI_Lack_Access_Control_2021.pdf or https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf. This will be my first time sharing my research with the community, and I am both excited and hopeful to present my findings at the conference.
Sessions
Kubernetes clusters rely on TLS for secure and authenticated internal communication. However, managing TLS certificates in such environments can be complex. Kubernetes offers built-in mechanisms to handle certificate signature and distribution to ease this challenge. Bootstrap tokens play an important role in this process, serving as initial identifiers that enable certificate signing requests. Typically, these requests are automatically approved and signed. As often in security, this ease of use implies the emergence of attack vectors.
This presentation will delve into the mechanics of Kubernetes authentication and bootstrap tokens to highlight exploitation possibilities of such tokens.
Inspired by Marc Wickenden's research on Google GKS TLS Bootstrapping, we will demonstrate a new attack in AKS clusters (Azure), that will not be fixed by Microsoft.