SecTalks LJU0x0B



[*] 0x00 Talk: Kubernetes Security (Gregor Pogačnik)

>> We have seen how Docker can be misconfigured to allow container escapes. Now let's level up and take a bunch of nodes. More servers, more trouble. The preferred orchestration software is usually Kubernetes. We will take a look at what can go wrong there and the hard lessons learned by manually setting up a cluster. For those who just heard about CVE[masked], we will also explain what k8s is in the talk ;)

>> Gregor works at Sportradar as a Software Engineer. He's also been responsible for System Administration in the past. Nowadays his focus is "DevSecOps".

[*] 0x01 Hacking: Short CTF (60min)

[*] 0x02 B33R - (sponsors needed!!)


• Bring your laptop.

• Have a hypervisor software, e.g. VMWare player, Virtual box. It may be necessary for running some CTF challenges.

• Based on the number of participates for the CTF, the group may be divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.

• This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don't treat it like a competition.

• The winner is the first team who solves the challenge. The winner will win the praise and admiration of fellow attendees. Gentle prods and hints will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.

• Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.