Event Details

Topic:

All Your Containers Belong to Us


Presenter: James Condon



Abstract:

The rising adoption of container orchestration tools, such as Kubernetes, has enabled developers to scale cloud applications quickly and efficiently. However with this adoption comes with a new set of security challenges, such as securing the APIs used to manage these ecosystems. We recently conducted a research study that uncovered more than 20,000 publicly accessible management nodes open to the Internet. In this talk we will discuss the implications of the findings and provide recommendations for running orchestration systems securely in the public cloud.
The following platforms are exposed and part of the research; Kubernetes, Mesos Marathon, Redhat OpenShift, Docker Swarm, and Portainer (Docker Management). Not only are these management UI’s available on the web but we also discovered that their API’s are also available. Some are wide open. We will uncover how we did this research, who is the most popular cloud provider hosting the containers, which regions are most popular, and show demonstrations of exploitation and discover.

Bio:

James Condon is Director of Research at Lacework, where he conducts research for cloud security. James is a security veteran with over 10 years of experience in incident response, intelligence analysis, and automated threat detection. Prior to Lacework, James was Director of Threat Research and Analysis at ProtectWise where he founded the 401 Threat Research Group. Prior to ProtectWise, James was an analyst at Mandiant where he provided network traffic analysis and forensics for several incident response engagements. James got his start in the security industry as a Special Agent in the Air Force Office of Special Investigations.



  • When: Tue Feb. 12
    11:30 am - 1:30 pm

  • Address: 3333 Walnut St
    Boulder CO,US 80301

  • Web: Visit Website