fwd:cloudsec 2026

Observing Escalation Paths in Kubernetes
2026-06-01, Room 1

Kubernetes famously has a lot of moving parts; clusters can get complicated very quickly, and maintaining best security practice can be a challenge. It gets harder when good intentions to enhance security backfire and actually introduce risk. This talk looks at observability tools in Kubernetes environments and how their positioning within a cluster, along with their often higher privileges, can expose privilege escalation paths to attackers. It will cover specific examples of managed cluster observability tools exposing such risks in their 'out-of-the-box' configuration, as well as how these have been exploited inside real-world production environments. Attendees will also take away recommendations for how cluster administrators can identify and mitigate such risks in their own workloads.

Security consultant with a background in embedded engineering and DevOps, which has led to an interest in mobile, Cloud, and Kubernetes security. I used to make things work; now I break things, professionally and ethically.