{"guid":"c7e38a83-d930-5cb5-aab4-b3f37b956040","title":"Hacking Containers, Kubernetes and Clouds","subtitle":null,"slug":"rc3-2021-cbase-247-hacking-containers-ku","link":"https://pretalx.c3voc.de/rc3-2021-cbase/talk/GDMAKJ/","description":"Tokens are a powerful way of controlling the access to  to Rest APIs. Chasing them should be hard.\n\nUnfortunately, there is a widespread habit of leaving tokens lying around allowing very powerful attack vectors. An attack demonstrates how to hack an OpenShift cluster, which is fully securty compliant to the accepted standards of NIST and CIS. Hijacking a container gives full control to the cluster, including  host access. If running in the cloud, the cluster can be used for further attacks, because the host has another token to the cloud API server. With this token, arbitrary accounts and cloud resources can be controlled, including virtual machines, storage and derived accounts.\n\nThis will be part of a set of trainings on Kubernetes security, open sourced at\n\nhttps://github.com/thomasfricke/training-kubernetes-security","original_language":"eng","persons":["Thomas Fricke"],"view_count":1750,"promoted":false,"date":"2021-12-27T12:30:00.000+01:00","release_date":"2022-01-10T00:00:00.000+01:00","updated_at":"2026-04-21T19:45:07.813+02:00","tags":["rc3-2021-import","247","2021","c-base"],"length":1574,"duration":1574,"thumb_url":"https://static.media.ccc.de/media/events/rc3/2021/247-c7e38a83-d930-5cb5-aab4-b3f37b956040.jpg","poster_url":"https://static.media.ccc.de/media/events/rc3/2021/247-c7e38a83-d930-5cb5-aab4-b3f37b956040_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/rc3/2021/247-c7e38a83-d930-5cb5-aab4-b3f37b956040.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/rc3/2021/247-c7e38a83-d930-5cb5-aab4-b3f37b956040.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/rc3-2021-cbase-247-hacking-containers-ku","url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_title":"rC3 NOWHERE","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021","related":[],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"fin","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds.fi.srt","state":"translated","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2023-09-02T02:39:15.395+02:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds.fi.srt","url":"https://api.media.ccc.de/public/recordings/69672","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-31T12:54:02.415+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds.en.srt","url":"https://api.media.ccc.de/public/recordings/57239","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":232,"length":1574,"mime_type":"video/webm","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2022-01-10T18:46:10.469+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/webm-hd/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/57046","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":77,"length":1574,"mime_type":"video/webm","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2022-01-10T18:04:48.938+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/webm-sd/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/57040","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":63,"length":1574,"mime_type":"video/mp4","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2022-01-10T17:29:34.054+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/h264-sd/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_sd.mp4","url":"https://api.media.ccc.de/public/recordings/57033","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":17,"length":1574,"mime_type":"audio/opus","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2022-01-10T17:25:34.655+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/opus/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_opus.opus","url":"https://api.media.ccc.de/public/recordings/57032","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":24,"length":1574,"mime_type":"audio/mpeg","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2022-01-10T17:24:34.909+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/mp3/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/57031","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"},{"size":193,"length":1574,"mime_type":"video/mp4","language":"eng","filename":"rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2022-01-10T17:21:40.147+01:00","recording_url":"https://cdn.media.ccc.de/events/rc3/2021/h264-hd/rc3-2021-import-247-eng-Hacking_Containers_Kubernetes_and_Clouds_hd.mp4","url":"https://api.media.ccc.de/public/recordings/57027","event_url":"https://api.media.ccc.de/public/events/c7e38a83-d930-5cb5-aab4-b3f37b956040","conference_url":"https://api.media.ccc.de/public/conferences/rc3-2021"}]}