Submarines in Pirate Waters: Cloud Attack Strategies

Virtual October 21, 2020 1:00 pm - 1:40 pm

Moses Frost

For several years now, our application deployment and infrastructure constructs have been changing. What have we done to help model and simulate what attackers are doing on the internet? In this talk we will discuss features commonly found in cloud environments and, specifically, Kubernetes-based attack strategies that a group can simulate. The talk will cover issues seen in cloud environments and how they implement managed Kubernetes, and we will demonstrate attack strategies that can be employed while performing these tests. We will look at three of the cloud providers and how they integrate Kubernetes stacks. There is a tie-in between not only the underlying architecture, such as compute, storage, and networking, but also overlay technologies like Kubernetes. We will discuss how a default KOPS or GKE environment exposes buckets that can lead to a takeover of a Kubernetes environment. Some attackers hide containers by using standard binary names to obscure what is occurring. Attackers are also taking advantage of little-to-no egress filtering. Modeling this behavior will be essential, and as such, we will discuss a new project that we are using to conduct engagements by deploying containers with tools into environments to aid in performing attacks. The container toolset will allow individuals to deploy container images of known tools that they can use to get a foothold in an environment.