
Nov 12, 2018

Ian Coldwater - @IanColdwater (new gig)


So many different moving parts




She's working on her speaking schedule for 2019

How would I use these at home?


Kubernetes: Up and Running (book)


General Wikipedia article (with architecture diagram): - Alice Goldfuss


Derbycon Talk:


Tesla's misconfigured Kubernetes environment:


From the talk:


RedLock report mentioned in the Ars article:


Set up your own K8s environment (many options to choose from):


Securing K8s implementations: -


Threat model
    What are you protecting?

    Who are you protecting it from?

    What are your adversary's capabilities?

    What are your capabilities?


Defenders think in Lists

Attackers think in Graphs


What are some of the visible ports used in K8s?

    44134/tcp - Helm Tiller (gRPC); add-ons such as Weave and Calico expose their own ports as well

    10250/tcp - kubelet API (the "kubelet exploit")

        With the older defaults (anonymous auth enabled, authorization mode AlwaysAllow) there is no authN at all, so pod listing, exec and logs are completely open

    10255/tcp - kubelet read-only port (no authentication; lists pods and their specs)

    4194/tcp - cAdvisor (container metrics, served by the kubelet)

    2379/tcp - etcd client port (2380/tcp is the peer port)

        etcd holds all cluster state: configs and Secrets (Secrets are base64 only unless encryption at rest is configured)

        Whoever can read etcd can read the whole cluster
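The kubelet-side checks behind that list, as an added example (not code from the episode, the speaker, or the Kubernetes project): a small audit of a KubeletConfiguration file that flags the settings which leave 10250 and 10255 open. Field names follow the kubelet.config.k8s.io/v1beta1 schema; the weak and hardened configs are constructed samples, and the script reads JSON (the kubelet accepts its config file as either YAML or JSON) so it needs only the standard library.

```python
"""Audit a KubeletConfiguration for the exposures listed above.

Added example, not code from the episode or the Kubernetes project.
Field names follow kubelet.config.k8s.io/v1beta1; the two sample configs
below are constructed, not taken from a real cluster.
"""
import json

# Constructed sample: the historically weak posture. Anonymous requests
# are accepted, every request is then allowed (AlwaysAllow), and the
# unauthenticated read-only port is switched on.
WEAK_CONFIG = json.dumps({
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "kind": "KubeletConfiguration",
    "port": 10250,
    "readOnlyPort": 10255,
    "authentication": {
        "anonymous": {"enabled": True},
        "webhook": {"enabled": False},
        "x509": {},
    },
    "authorization": {"mode": "AlwaysAllow"},
})

# Constructed sample: the hardened counterpart. Callers must present a
# client cert or a bearer token, the API server's RBAC decides what they
# may do, and the read-only port is disabled (0).
HARDENED_CONFIG = json.dumps({
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "kind": "KubeletConfiguration",
    "port": 10250,
    "readOnlyPort": 0,
    "authentication": {
        "anonymous": {"enabled": False},
        "webhook": {"enabled": True},
        "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"},
    },
    "authorization": {"mode": "Webhook"},
})


def audit_kubelet_config(text):
    """Return a list of findings for a KubeletConfiguration JSON document.

    An empty list means none of the checks fired. Keys that are absent are
    treated as the kubelet's own defaults (anonymous on, webhook on,
    AlwaysAllow), which is exactly why a half-written config is risky.
    """
    cfg = json.loads(text)
    if "kind" in cfg and cfg["kind"] != "KubeletConfiguration":
        raise ValueError("not a KubeletConfiguration document")

    findings = []
    authn = cfg.get("authentication", {})
    authz = cfg.get("authorization", {})
    api_port = cfg.get("port", 10250)

    # Anonymous auth means unauthenticated callers reach the kubelet API
    # (pod list, exec, logs) on the main port.
    if authn.get("anonymous", {}).get("enabled", True):
        findings.append(
            "authentication.anonymous.enabled is true: "
            "unauthenticated access to tcp/%d" % api_port)

    # With webhook off and no client CA, no legitimate caller can even
    # identify itself, so the only working mode is anonymous.
    if (not authn.get("webhook", {}).get("enabled", True)
            and not authn.get("x509", {}).get("clientCAFile")):
        findings.append("no webhook or x509 authenticator configured")

    # AlwaysAllow lets any (possibly anonymous) identity do anything;
    # Webhook defers the decision to the API server's RBAC.
    mode = authz.get("mode", "AlwaysAllow")
    if mode != "Webhook":
        findings.append(
            "authorization.mode is %s: should be Webhook" % mode)

    # The read-only port has no authentication at all and leaks pod specs.
    ro_port = cfg.get("readOnlyPort", 0)
    if ro_port:
        findings.append(
            "readOnlyPort %d is enabled: unauthenticated pod listing" % ro_port)

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        hits = audit_kubelet_config(text)
        print("%s config: %d finding(s)" % (name, len(hits)))
        for hit in hits:
            print("  - " + hit)
```

Run it as-is to see the weak sample produce four findings and the hardened one none. To audit a real node, feed it the file the kubelet was started with via --config; the same checks apply to the equivalent command-line flags (--anonymous-auth, --authorization-mode, --read-only-port) on older deployments that do not use a config file.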


Engineering workflow:

    Ephemeral -  


CVE for the K8s subPath volume mount issue (a container could use a subPath mount to reach host files outside the volume) -


Final points:

    Advice for securing K8s is standard security advice

    Use defense in depth and least privilege

    Be aware of your attack surface

    Keep your threat model in mind


David Cybuck (questions from Slack channel)


My questions are:

  1. Talk telemetry? What is the best first step for having my containers or Kubernetes report information? (My overlords want metrics dashboards which lead to useful metrics.)

  2. How do you threat model your containers? Has she ever, or how would she begin to, run a table-top exercise, a cross between a threat model and a disaster recovery walk-through, for the container infrastructure?

  3. MITRE ATT&CK framework, there is a spin-off for mobile. Do we need one for Kube, Swarm, or DC/OS?


Support Brakeing Down Security Podcast by using our #Paypal OR our #Patreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM :

#Stitcher Network:

#TuneIn Radio App: