BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: The Call is Coming From Inside The Cluster: Mistakes that Lead\n to Whole Cluster Pwnership\n When: Sunday\, Aug 14\, 12:0 0 - 12:45 PDT\n Where: Caesars Forum - Forum 104-105\, 135-136 (Track 1) - [1]Map\n Speakers:Will Kline\,Dagan Henderson\n\n SpeakerBio:Will K line \, Senior Principal / Dark Wolf Solutions\n Will Kline is a Senior Principal with Dark Wolf Solutions\, where he\n works with different cus tomers to modernize their containerized\n development environments. He†™s been working with Linux containers\n since the pre-Docker days. He ha s been attending DEF CON since DEF CON\n 21. He has been coming back alm ost every year\, becoming increasingly\n involved with the SOHOplessly B roken IoT CTF and the Wireless CTF. At\n DEF CON 25 his team “Wolf Emo ji” took a Black Badge. In his recent\n work with Dagan\, he has been excited to see the intersection between\n his off-hours hacking fun and real world cloud architecture and SRE\n work.\n\n SpeakerBio:Dagan Hen derson \, Principal / RAFT\n Dagan Henderson is a Principal Engineer at Raft\, LLC\, where he\n specializes in Kubernetes platform development. Dagan’s interest in\n hacking dates back to the late 80s when AOL and BBSs were the spots\n (yep\, he hosted a very short lived BBS from his h ome PC—and it got\n hacked). His first useful computer program was a D OS BAT on a bootable\n floppy that removed a very persistent Windows 95 Trojan\, which he\n wrote for the mom-and-pop computer shop he worked at for his first\n job. While in college\, Dagan began working for a medic al services\n provider\, and when his acumen with computer systems becam e well-known\,\n he was asked to evaluate a new electronic medical recor ds system. He\n was able to identify several information-disclosure vuln erabilities\n and work with the development team to address them. As his career in\n software engineering took off\, Dagan remained committed to developing\n secure applications\, which is essentially the art of not developing\n insecure systems\, and he remains committed to the practice today. As a\n 25-year veteran of the industry\, Dagan has seen (and mad e) many\, many\n mistakes. He knows where bodies get buried.\n\n Descr iption:\n Kubernetes has taken the DevOps world by storm\, but its rapid uptake\n has created an ecosystem where many popular solutions for comm on\n challenges—storage\, release management\, observability\, etc.— are\n either somewhat immature or have been “lifted and shifted” to\ n Kubernetes. What critical security smells can pentesters look for when \n looking at the security of a cluster?\n\n We are going to talk thro ugh five different security problems that we\n have found (and reported\ , no 0-days here) in popular open-source\n projects and how you can look for similar vulnerabilities in other\n projects.\n\n '\n\n 1. https ://defcon.outel.org/consolidated_page.html#CaesarsForumBR\n\n\n DTEND:20220814T194500Z DTSTART:20220814T190000Z LOCATION:DC - Caesars Forum - Forum 104-105\, 135-136 (Track 1) SUMMARY:The Call is Coming From Inside The Cluster: Mistakes that Lead to W hole Cluster Pwnership END:VEVENT END:VCALENDAR