12th edition – April 17 to 19, 2024
3 days of conferences, 70 exhibitors, 4500 visitors per day
This talk examines the risks of privilege escalation in Kubernetes, focusing on common vulnerabilities like misconfigured RBAC permissions, vulnerable pods and containers, and exploitable components such as kubelet, API server, and etcd. We discuss how these oversights can lead to unauthorized administrative access through tactics like group impersonation, role binding, and token or secret theft. The presentation includes practical demos to highlight key security issues and concludes with essential best practices to enhance Kubernetes security and prevent escalation threats.
Patrycja Wegrzynowicz
Patrycja is a lead engineer at Form3, working on reliability and performance of UK payments. She is also the founder of Yon Labs, a startup focusing on automated tools for detection and refactoring of security vulnerabilities, performance anti-patterns, or cloud issues and providing consultancy in Java, C++, Go, and cloud technologies.
She is a regular speaker at software conferences, including KubeCon, CodeOne, JavaOne, Devoxx, JFokus, and others. She was awarded an Oracle Groundbreaker Ambassador title in 2020 and 2021, and Oracle ACE Associate and Pro in 2022 and 2023. She was also named one of the Top 10 Women in Tech in Poland in 2016.
Her interests focus on automated software engineering, mainly static and dynamic analysis techniques to support software verification, optimization, and deployment.