{"id":10829,"date":"2023-03-08T05:13:21","date_gmt":"2023-03-08T05:13:21","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/?post_type=session&#038;p=10829"},"modified":"2023-05-19T10:37:44","modified_gmt":"2023-05-19T10:37:44","slug":"commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/","title":{"rendered":"COMMSEC: Kubernetes Security Detection Engineering &#8211; Mapping Back to MITRE ATT&#038;CK Matrix"},"content":{"rendered":"<div>\n<p><iframe title=\"#HITB2023AMS #COMMSEC D2 - Kubernetes Security Detection Engineering - Madhu Akula\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/5mgCssxpk84?list=PLmv8T5-GONwTibHQJImf1kCiQ5XGNFg-l\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<hr \/>\n<\/div>\n<div class=\"x_ContentPasted0 x_elementToProof\" style=\"text-align: justify;\">Kubernetes has become a de facto way of running containerized workloads, from startups to enterprises and governments. However, like most modern technology, it&#8217;s not mature, especially with regard to security. Given its immutable nature and the fact that things happen in a matter of seconds, it&#8217;s super hard to perform security detection and incident response.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n<div class=\"x_ContentPasted0 x_elementToProof\" style=\"text-align: justify;\">In this talk we will focus on the MITRE ATT&amp;CK matrix for Kubernetes, showcasing what can go wrong in the different phases of running container workloads, and then map back to what we should observe, collect, analyze, monitor, alert on, and respond to. 
We will showcase all the possible mappings of the matrix to detection engineering. We will also cover some interesting real-world examples of hacks, known vulnerabilities, and misconfigurations. We will also showcase how we simulate these attacks in a controlled environment using the Kubernetes Goat project.<\/div>\n<div style=\"text-align: justify;\"><\/div>\n","protected":false},"template":"","class_list":["post-10829","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&amp;CK Matrix - HITBSecConf2023 - Amsterdam<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&amp;CK Matrix - HITBSecConf2023 - Amsterdam\" \/>\n<meta property=\"og:description\" content=\"Kubernetes has become a de facto way of running containerized workloads from startups to enterprises and governments, however like most modern technology, it&#8217;s not mature, especially in regards to security. Given its nature of being immutable and things happening in a matter of seconds, it&#8217;s super hard to perform security detection and incident response. 
In [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2023 - Amsterdam\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-19T10:37:44+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/\",\"name\":\"COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&CK Matrix - HITBSecConf2023 - 
Amsterdam\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/#website\"},\"datePublished\":\"2023-03-08T05:13:21+00:00\",\"dateModified\":\"2023-05-19T10:37:44+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"COMMSEC: Kubernetes Security Detection Engineering &#8211; Mapping Back to MITRE ATT&#038;CK Matrix\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/\",\"name\":\"HITBSecConf2023 - Amsterdam\",\"description\":\"#HITB2021AMS\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&CK Matrix - HITBSecConf2023 - Amsterdam","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/","og_locale":"en_US","og_type":"article","og_title":"COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&CK Matrix - HITBSecConf2023 - Amsterdam","og_description":"Kubernetes has become a de facto way of running containerized workloads from startups to enterprises and governments, however like most modern technology, it&#8217;s not mature, especially in regards to security. Given its nature of being immutable and things happening in a matter of seconds, it&#8217;s super hard to perform security detection and incident response. In [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/","og_site_name":"HITBSecConf2023 - Amsterdam","article_modified_time":"2023-05-19T10:37:44+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/","name":"COMMSEC: Kubernetes Security Detection Engineering - Mapping Back to MITRE ATT&CK Matrix - HITBSecConf2023 - Amsterdam","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/#website"},"datePublished":"2023-03-08T05:13:21+00:00","dateModified":"2023-05-19T10:37:44+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/commsec-kubernetes-security-detection-engineering-mapping-back-to-mitre-attck-matrix\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/session\/"},{"@type":"ListItem","position":3,"name":"COMMSEC: Kubernetes Security Detection Engineering &#8211; Mapping Back to MITRE ATT&#038;CK Matrix"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/","name":"HITBSecConf2023 - 
Amsterdam","description":"#HITB2021AMS","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/wp-json\/wp\/v2\/session\/10829"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/wp-json\/wp\/v2\/types\/session"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2023ams\/wp-json\/wp\/v2\/media?parent=10829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}