Jay Beale
@neutrino.bsky.social
@InGuardians CEO, Bustakube, Peirates, BastilleLinux, #kubernetes @BlackHatEvents Trainer,#neurodivergent fam, he/him, jaybeale@infosec.exchange
In closing - special thank you's...
9/9
9/9
January 23, 2025 at 8:00 PM
In closing - special thank you's...
9/9
9/9
@antitree.com ended us with a caution about understanding the true threats to your org and technology:
8/9
8/9
January 23, 2025 at 8:00 PM
@antitree.com ended us with a caution about understanding the true threats to your org and technology:
8/9
8/9
January 23, 2025 at 8:00 PM
The attack path includes Peirates harvesting service account tokens from a compromised node and then trying kubectl commands as every token:
inguardians.com/peirates/
6/9
inguardians.com/peirates/
6/9
January 23, 2025 at 8:00 PM
The attack path includes Peirates harvesting service account tokens from a compromised node and then trying kubectl commands as every token:
inguardians.com/peirates/
6/9
inguardians.com/peirates/
6/9
We showed a multi-step attack path demo, with a story based on the last #ShmooCon "commencement" theme.
"Exploring the University Data Science Cluster"
youtu.be/-uFGJzaZ7XI
5/9
"Exploring the University Data Science Cluster"
youtu.be/-uFGJzaZ7XI
5/9
January 23, 2025 at 8:00 PM
We showed a multi-step attack path demo, with a story based on the last #ShmooCon "commencement" theme.
"Exploring the University Data Science Cluster"
youtu.be/-uFGJzaZ7XI
5/9
"Exploring the University Data Science Cluster"
youtu.be/-uFGJzaZ7XI
5/9
Seccomp will not make your container a sandbox. You might want to investigate gvisor, which became far more performant in January 2023:
cloud.google.com/blog/product...
4/9
cloud.google.com/blog/product...
4/9
January 23, 2025 at 8:00 PM
Seccomp will not make your container a sandbox. You might want to investigate gvisor, which became far more performant in January 2023:
cloud.google.com/blog/product...
4/9
cloud.google.com/blog/product...
4/9
@antitree.com used his newly-released tool, Seccomp-Diff, to show that custom seccomp filters can accidentally be more permissive than Docker's default seccomp profile.
github.com/antitree/sec...
3/9
github.com/antitree/sec...
3/9
January 23, 2025 at 8:00 PM
@antitree.com used his newly-released tool, Seccomp-Diff, to show that custom seccomp filters can accidentally be more permissive than Docker's default seccomp profile.
github.com/antitree/sec...
3/9
github.com/antitree/sec...
3/9
We discussed perceived vs actual risks.
Physical world: we think terrorists & gun crime to be the greatest risks, but not really - think cancer & heart disease.
#Kubernetes: we think CVEs & container breakout sploits, but it's overpriv RBAC, priv ctrs & kubectl delete in the wrong cluster. 2/9
Physical world: we think terrorists & gun crime to be the greatest risks, but not really - think cancer & heart disease.
#Kubernetes: we think CVEs & container breakout sploits, but it's overpriv RBAC, priv ctrs & kubectl delete in the wrong cluster. 2/9
January 23, 2025 at 8:00 PM
We discussed perceived vs actual risks.
Physical world: we think terrorists & gun crime to be the greatest risks, but not really - think cancer & heart disease.
#Kubernetes: we think CVEs & container breakout sploits, but it's overpriv RBAC, priv ctrs & kubectl delete in the wrong cluster. 2/9
Physical world: we think terrorists & gun crime to be the greatest risks, but not really - think cancer & heart disease.
#Kubernetes: we think CVEs & container breakout sploits, but it's overpriv RBAC, priv ctrs & kubectl delete in the wrong cluster. 2/9
Slides and demo videos for the talk that @antitree.com and I gave at the last @shmoocon.bsky.social on entitled, " "A Commencement into Real #Kubernetes Security!"
Demos include use of Mark's brand new tool, as well as of Peirates.
www.canva.com/design/DAGZr...
1/9
Demos include use of Mark's brand new tool, as well as of Peirates.
www.canva.com/design/DAGZr...
1/9
January 23, 2025 at 8:00 PM
Slides and demo videos for the talk that @antitree.com and I gave at the last @shmoocon.bsky.social on entitled, " "A Commencement into Real #Kubernetes Security!"
Demos include use of Mark's brand new tool, as well as of Peirates.
www.canva.com/design/DAGZr...
1/9
Demos include use of Mark's brand new tool, as well as of Peirates.
www.canva.com/design/DAGZr...
1/9
Four running Flippers and counting on this flight home from #ShmooCon.
Pictured: @haxorthematrix.bsky.social and @hevnsnt.bsky.social’s $11 touchscreen ESP32 board, running Marauder.
Can’t wait to try their firmware!
Pictured: @haxorthematrix.bsky.social and @hevnsnt.bsky.social’s $11 touchscreen ESP32 board, running Marauder.
Can’t wait to try their firmware!
January 12, 2025 at 10:46 PM
Four running Flippers and counting on this flight home from #ShmooCon.
Pictured: @haxorthematrix.bsky.social and @hevnsnt.bsky.social’s $11 touchscreen ESP32 board, running Marauder.
Can’t wait to try their firmware!
Pictured: @haxorthematrix.bsky.social and @hevnsnt.bsky.social’s $11 touchscreen ESP32 board, running Marauder.
Can’t wait to try their firmware!
Great #ShmooCon talk from @haxorthematrix.bsky.social and @hevnsnt.bsky.social on tracking BLE devices including AirTags with an $11 touchscreen-enabled ESP32-driven board! Here’s Marauder finding AirTags, but their new tool is way cool. They even gave out these boards!
January 12, 2025 at 4:25 PM
Great #ShmooCon talk from @haxorthematrix.bsky.social and @hevnsnt.bsky.social on tracking BLE devices including AirTags with an $11 touchscreen-enabled ESP32-driven board! Here’s Marauder finding AirTags, but their new tool is way cool. They even gave out these boards!
So excited to be presenting at the last #ShmooCon with
@antitree.com this morning @10am - "A Commencement into Real #Kubernetes Security!"
shmoocon.org/speakers/#kube
@antitree.com this morning @10am - "A Commencement into Real #Kubernetes Security!"
shmoocon.org/speakers/#kube
January 11, 2025 at 2:12 PM
So excited to be presenting at the last #ShmooCon with
@antitree.com this morning @10am - "A Commencement into Real #Kubernetes Security!"
shmoocon.org/speakers/#kube
@antitree.com this morning @10am - "A Commencement into Real #Kubernetes Security!"
shmoocon.org/speakers/#kube
This picture was taken in 2023 - I didn’t realize when I wrote it that we could be talking about right now. Feeling hopeful:
November 5, 2024 at 11:19 PM
This picture was taken in 2023 - I didn’t realize when I wrote it that we could be talking about right now. Feeling hopeful: