Hands-on Kubernetes security with KubeHound (purple teaming)

  • 10-22, 16:15–18:15, Vianden & Wiltz
  • 10-23, 16:15–18:15, Vianden & Wiltz

All times in Europe/Luxembourg

Join us for an immersive hands-on workshop where we'll dive into KubeHound, a tool for building Kubernetes attack paths. Participants will play the role of an attacker, because we think the best defense is a good offense. With concrete scenarios and a live environment, attendees will learn to leverage KubeHound to identify attack paths in Kubernetes clusters at scale with no hassle.


There’s no two ways about it: Kubernetes is a confusing and complex collection of intertwined systems. Finding attack paths in Kubernetes by hand is a frustrating, slow, and tedious process. Defending Kubernetes against those same attack paths is almost impossible without third-party tooling.

In this workshop we will present KubeHound - an opinionated, scalable, offensive-minded Kubernetes attack graph tool used by security teams across Datadog. We will cover the custom KubeHound DSL to demonstrate its power to identify some of the most interesting and common attack primitives living in your Kubernetes cluster. If the DSL is not enough, we will cover the basics of Gremlin, the language used by our graph technology, so you can find the attack paths that matter to you.

For attackers (or defenders), there's no better way to understand an attack than to exploit it oneself. So in this workshop we will cover some of the usual attack paths and exploit them. This way you will see for yourself how difficult (or not) it is to fully compromise a Kubernetes cluster (#DontDoThisAtHome).

Lastly, in this workshop we will also demonstrate two ways of using KubeHound:
* As a standalone tool that can be run from a laptop
* Or deployed as a service in your own Kubernetes clusters (KubeHound as a Service)

The main goal of this workshop is to show how defenders can find and eliminate the most dangerous attack paths and how attackers can have a treasure map to fully compromise a Kubernetes cluster by using the free and open source version of KubeHound.

Julien Terriac is a French senior security researcher with a strong background in pentesting and a special taste for Windows authentication, Active Directory inner workings and reverse engineering. He has developed several offensive automation tools, such as ProtonPack (custom mimikatz), Lycos (share hunter), ExploitPack (privilege escalation framework) and IAMBuster (AD auditing framework).

He led the R&D department at XMCO for 5 years before joining Datadog as the Team Lead for Adversary Simulation Engineering (ASE), where his team aims to build offensive tools and frameworks that automate the simulation of real-life attacks against Datadog.
