Alex Ivkin leads a security solutions group at Eclypsium, a US security startup. His focus is on researching secure deployments of (in)secure software, including container orchestration, application security, and firmware security. Alex has two decades of IT security experience, has delivered security trainings, holds an MS in Computer Science, has co-authored security certifications, and climbs mountains in his spare time.
Kubernetes' popularity has triggered a growth of frameworks, tools and technologies around it. This in turn spurred growth of the attack surface. We'll chat about default security controls and the lack of protections, issues and trade-offs that one makes when deploying on Kubernetes. We'll also talk about using the best of the new technologies and processes for keeping the applications out of harm's way.
Could a signed Windows executable be modified, but still have a valid signature? Everyone told me "no", so I built a set of tools that does exactly that. Let's talk Authenticode, PE/COFF and a trivial Microsoft limitation that allows one to inject data without breaking signatures or triggering Defender and EDR warnings. Then, see what you can do with that "feature".