Live Workshop - Attacking AWS Elastic Kubernetes Service (EKS)

Join the AppSecEngineer Discord and chat with us there: https://discord.gg/SRRGbm6sDe Our new workshop, Attacking AWS Elastic Kubernetes Service (EKS), will explore Kubernetes within AWS. Amazon EKS is a managed Kubernetes service that allows for massive scalability during deployment. Nithin Jois will show you how to attack EKS clusters using various methods and compromise entire cloud infrastructures. This workshop will feature hands-on labs that you can use to practice on your own! All you need is a free AppSecEngineer account, so sign up for it now: https://checkout.appsecengineer.com/free Chapters 0:00- Countdown 1:50- Intro of session and trainer 3:00- Intro from trainer 4:00- Learning Objective 6:58- Kubernetes Architecture 14:08- Cloud manager component 15:55- Cloud controller manager function 17:38- Self hosted vs. Managed Kubernetes Cluster 23:57- Shared responsibility in different AWS Kubernetes services 27:55- Attack surface in EKS 30:10- STS token compromise 36:01- credential compromise- AWS compute services 37:14- EKS PrivEsc possibilities 38:20- Lab: EKS SSRF 40:05- lab setup 57:55- End notes

Видео Live Workshop - Attacking AWS Elastic Kubernetes Service (EKS) автора Python уровень