Rory McCune

Rory is a senior advocate for Datadog who has extensive experience with Cyber security and Cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker he has presented at Kubecon EU and NA, as well as a number of other cloud native and security conferences. He is one of the main authors of the CIS benchmarks for Docker and Kubernetes, a published author on the topic of Cloud Native Security, member of Kubernetes SIG-Security and CNCF TAG-Security. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.

The speaker's profile picture

Sessions

03-17
14:35
30min
Beyond the Surface - Exploring Attacker Persistence Strategies in Kubernetes
Rory McCune

Kubernetes has been put to great use by a wide variety of organizations to manage their workloads, as it hides away a lot of the complexity of managing and scheduling containers. But with each added layer of abstraction, there can be new places for attackers to hide in darkened corners.

This talk will examine how attackers can (ab)use little known features of Kubernetes and the components that are commonly deployed as part of cloud-native containerized workloads to persist in compromised systems, sometimes for years at a time. We'll also pinpoint places where, if you don't detect the initial attack, it might be very difficult to spot the attacker lurking in your cluster.

Arena