
Ingress-NGINX's admission controller can be coerced into generating attacker-controlled NGINX config, enabling unauthenticated remote code execution on the controller pod and broad access to cluster secrets.
I'll unpack the bug's root cause, the path from mis-validation to code execution, its real-world blast radius (multi-tenant and cloud environments), and practical defenses. This workshop provides a deep technical dive into one of the most critical Kubernetes security vulnerabilities discovered in recent years.
Root cause analysis of NGINX admission controller bug
Path from validation bypass to RCE
Multi-tenant and cloud environment impact
Practical defense strategies and mitigations
This workshop is designed for advanced practitioners who want to understand how subtle validation errors can lead to catastrophic security failures in Kubernetes environments, and how to prevent similar issues in their own infrastructure.
Attendees will gain hands-on experience with vulnerability analysis, exploit development, and defensive programming techniques specific to Kubernetes admission controllers and NGINX configurations.
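As an added illustration of the bug class the abstract describes (attacker-controlled text flowing into generated NGINX configuration), the following constructed Go snippet places a naive renderer beside a validating one. It is not the talk's material and not ingress-nginx's own code; the function names, the `X-Tenant` header, the allowlist pattern and the sample payload are assumptions made for the example, and it does not reproduce the actual vulnerability.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Constructed example, not ingress-nginx code: an annotation value that an
// Ingress author controls is rendered into NGINX configuration. If the value
// can carry ';', newlines or braces, the author can terminate the intended
// directive and append their own.

const benignValue = "acme-prod"

// Hypothetical payload: closes the proxy_set_header directive and adds a
// second directive of the attacker's choosing.
const injectionValue = "acme;\n    return 200 \"injected\""

// renderUnsafe interpolates the annotation value verbatim into the config.
func renderUnsafe(value string) string {
	return fmt.Sprintf("location / {\n    proxy_set_header X-Tenant %s;\n}\n", value)
}

// Allowlist for the value: a short token with no NGINX syntax characters.
var safeHeaderValue = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// validateHeaderValue is the admission-time check: anything that could end a
// directive (';', newline), open or close a block ('{', '}'), or start a
// comment ('#') is rejected before any configuration is generated.
func validateHeaderValue(value string) error {
	if !safeHeaderValue.MatchString(value) {
		return errors.New("annotation value contains characters not allowed in generated nginx config")
	}
	return nil
}

// renderSafe validates first and only then renders.
func renderSafe(value string) (string, error) {
	if err := validateHeaderValue(value); err != nil {
		return "", err
	}
	return renderUnsafe(value), nil
}

// directiveCount counts statement terminators, a rough measure of how many
// directives ended up inside the location block.
func directiveCount(cfg string) int {
	return strings.Count(cfg, ";")
}

func main() {
	unsafeCfg := renderUnsafe(injectionValue)
	fmt.Printf("unsafe render of payload (%d directives):\n%s\n", directiveCount(unsafeCfg), unsafeCfg)
	if _, err := renderSafe(injectionValue); err != nil {
		fmt.Println("hardened path rejected payload:", err)
	}
	cfg, _ := renderSafe(benignValue)
	fmt.Printf("hardened render of benign value (%d directive):\n%s", directiveCount(cfg), cfg)
}
```

The point of the allowlist is that validation happens at admission time, on the value's structure, rather than after the configuration has already been written; a blocklist of individual characters would have to anticipate every way NGINX syntax can be escaped.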
Enzo Venturi - Platform Engineer
Linux, Networking, and Go are my core areas, with Kubernetes at the intersection. I primarily develop in Go (the language behind most CNCF projects) on my Linux-based ThinkPad. Additionally, I organize events at Cloud Native Lima, the community that co-created the first KCD in Peru.
Level: 301 - Advanced
In-depth technical analysis of critical Kubernetes vulnerabilities, exploit development and advanced defensive strategies.
Room A2
10:30 AM - 11:15 AM