CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ

Attacking and Defending Kubernetes Clusters: A Guided Tour

Is your Kubernetes cluster able to resist the most common attacks? And are all the necessary detection mechanisms in place to know whether a security issue has occurred?

In this hands-on workshop, we will dive into the art and science of Kubernetes security through a series of interactive attack and defense scenarios. Attendees will learn through instructor-led exercises how to identify and exploit realistic misconfigurations in Kubernetes clusters to achieve full cluster compromise. Each attack step will be matched with hardening measures and specific methods for detection and response workflows.

Each workshop attendee will be provided with a pre-configured Kubernetes cluster running realistic workloads in a cloud-based lab environment. The tools and methodologies covered by these exercises will directly help attendees secure their own organization's clusters.

Jimmy Mesta

Jimmy is a security leader who has been working in AppSec and Infrastructure Security for over 10 years. He founded and led the OWASP Santa Barbara chapter and co-organized the AppSec California security conference. Jimmy has taught at private corporate events and security conferences worldwide, including AppSec USA, LocoMocoSec, SecAppDev, RSA, and B-Sides. He has spent significant time on both the offense and defense sides of the industry and is constantly working towards building modern, developer-friendly security solutions.