Name: Clusterfuck -- A Multi-Stage Attack Simulation Framework for Kubernetes
Start: 2025-11-12T18:30:00-05:00
End: 2025-11-12T20:30:00-05:00

**Format**:
Hybrid (in-person and online) event

**In-person location**:
**Security Compass**
325 Front Street West, Unit 103
Toronto, ON
M5V 2Y1

**Note:** In-person attendance is limited to **70 people**, in a **first-come, first-serve basis**.
Doors will open at **6:00 PM**, with the event will start at **6:30 PM** (EDT).
For those who cannot attend in person, please join us virtually via the livestream!

**Presentation Title:**
**Clusterfuck -- A Multi-Stage Attack Simulation Framework for Kubernetes**
K8s environments present unique attack surfaces that traditional security tools often fail to detect comprehensively. This talk introduces clusterfuck, an open-source multi-stage attack simulation framework designed to validate CSPM/MDR detection capabilities.

clusterfuck executes a realistic 20+ stage attack chain targeting actual weaknesses in Kubernetes deployments: privilege escalation via misconfigured security contexts, container escape through host filesystem mounts, credential theft (Kubernetes service account tokens and AWS IAM credentials), process hiding via eBPF and LD_PRELOAD manipulation, lateral movement, C2 establishment through multiple protocols, and resource hijacking via cryptomining payloads.

ignatius

Yuk Fai Chan

Opheliar Chan

Adam G.

Gina

OWASP Toronto Chapter

OWASP® Foundation 

Global Contributing Corporate Member & Local Event Supporter

Security Compass

Global Contributing Corporate Member & Local Event Sponsor

BDO Canada

Corellium

Cycode

DeepCove CyberSecurity

Dreadnode

Endor Labs

Leading Cyber Ladies Toronto Chapter

Miggo

Microsoft Reactor

OX Security

Pixee

Security Journey

Oligo

Technology

Open Source

Software Development

Web Security

Network Security

Web Development

Web Application

OWASP

Information Security

Application Security

Software Security

Cloud Security

Computer Security

Cybersecurity

Web Application Security

Bilal is a former staff security engineer, now an engineering manager of platform security at Turo, where he focuses on platform, backend, and frontend security across all engineering infrastructure, from the core to the network edge. His work spans runtime security research, container/cluster hardening, red-team automations, agent security, pipeline security, and product security architecture.
Outside of work, Bilal conducts independent security research and offensive tooling development. He recently discovered CVE-2025-43330, a universal macOS sandbox escape affecting all sandboxed applications through the genatsdb binary, exploiting polyglot files that functioned both as valid TTF fonts and shell scripts. His research interests also include writing implants and malware for red-teaming operations, developing exploits for container and cloud environments, and reverse engineering system-level attack surfaces.

Links:
https://bsssq.xyz/about/
https://github.com/bilals12
https://www.linkedin.com/in/bilal-s-b857601a/

Bilal Siddiqui