November 7, 2019

221 words 2 mins read

How We Used Kubernetes to Host a Capture the Flag (CTF)

How We Used Kubernetes to Host a Capture the Flag (CTF)

CTF competitions are now commonly used for cybersecurity education purposes, and are solved by many enthusiast researchers looking for a challenge. In Twistlock, we decided to host an online CTF compe …

Talk Title How We Used Kubernetes to Host a Capture the Flag (CTF)
Speakers Liron Levin (Chief software architect, Palo alto networks), Ariel Zelivansky (Security Research Team Lead, Palo Alto Networks)
Conference KubeCon + CloudNativeCon Europe
Conf Tag
Location Barcelona, Spain
Date May 19-23, 2019
URL Talk Page
Slides Talk Slides
Video

CTF competitions are now commonly used for cybersecurity education purposes, and are solved by many enthusiast researchers looking for a challenge. In Twistlock, we decided to host an online CTF competition with unique challenges that required a live, dedicated persistent machine, for each participant. Using Kubernetes, we managed to successfully host the challenge, publicly open, without sacrificing the security of our infrastructure. We will discuss: Introduction to the CTF and why we choose to run it on Kubernetes Attack vectors for giving users untrusted shells to pods Container isolation technologies such as gvisor and network policies. Patterns for dynamically scaling pods and routes for new CTF participates In the end, attendees will learn the security building blocks of Kubernetes, and how it can be used for non conventional purposes such as hosting a one time live challenge.

comments powered by Disqus