The Attacker Perspective: Insights From Hacking Alibaba Cloud's K8s Environments


Abstract
In this session, we will demonstrate a real-life case study of what an attack on a managed K8s environment looks like by presenting our step-by-step engagement with Alibaba Cloud. We will begin as an external user, execute code in the managed environment, escalate privileges, escape containers, conduct lateral movement within the Kubernetes environment, and ultimately gain unauthorized read-write access to other customers' databases.
Our session demonstrates how chaining small configuration errors can lead to far-reaching consequences, such as a complete compromise of a managed cluster.
With a deeper understanding of real-world hacker operations in managed K8s environments, the audience will be able to strengthen their deployments and enhance their organization's security posture.
About the Speakers
Hillai Ben-Sasson is a security researcher based in Israel. As part of the Wiz Research Team, Hillai specializes in research and exploitation of web applications, application security, and finding vulnerabilities in complex high-level systems.
Ronen Shustin is a security researcher specializing in vulnerability research and practical hacking, currently working for the cloud security firm Wiz. With experience in vulnerability research for various companies, he is also a proud member of the 5BC CTF team.