How We Used Kubernetes to Host a Capture the Flag (CTF)
CTF competitions are now commonly used for cybersecurity education purposes, and are solved by many enthusiast researchers looking for a challenge. In Twistlock, we decided to host an online CTF compe …
| Talk Title | How We Used Kubernetes to Host a Capture the Flag (CTF) |
| Speakers | Liron Levin (Chief software architect, Palo alto networks), Ariel Zelivansky (Security Research Team Lead, Palo Alto Networks) |
| Conference | KubeCon + CloudNativeCon Europe |
| Conf Tag | |
| Location | Barcelona, Spain |
| Date | May 19-23, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
CTF competitions are now commonly used for cybersecurity education purposes, and are solved by many enthusiast researchers looking for a challenge. In Twistlock, we decided to host an online CTF competition with unique challenges that required a live, dedicated persistent machine, for each participant. Using Kubernetes, we managed to successfully host the challenge, publicly open, without sacrificing the security of our infrastructure. We will discuss: Introduction to the CTF and why we choose to run it on Kubernetes Attack vectors for giving users untrusted shells to pods Container isolation technologies such as gvisor and network policies. Patterns for dynamically scaling pods and routes for new CTF participates In the end, attendees will learn the security building blocks of Kubernetes, and how it can be used for non conventional purposes such as hosting a one time live challenge.
