BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//speak.enusec.org//le-tour-du-hack-2026//talk//EEMPKG
BEGIN:VEVENT
UID:pretalx-le-tour-du-hack-2026-EEMPKG@speak.enusec.org
DTSTART:20260516T134000Z
DTEND:20260516T141000Z
DESCRIPTION:You've popped a Kubernetes cluster. You've got admin creds. Now
  the real question is how do you stay? Kubernetes abstracts away enormous 
 complexity across multiple layers\, from container runtimes to cluster API
 s and each of those layers has dark corners where an attacker can set up s
 hop and go unnoticed for months or even years.\n\nThis talk is a post-expl
 oitation deep dive into Kubernetes persistence. We'll walk through a compr
 omised cluster layer by layer\, demonstrating how attackers can escape to 
 cluster nodes\, spin up containers invisible to kubectl\, abuse the Kubele
 t API to dodge audit logging and admission control\, and create phantom cr
 edentials that survive long after the initial breach is forgotten. If defe
 nders aren't watching every layer of the stack\, they won't see you coming
 \, or going.
DTSTAMP:20260514T144437Z
LOCATION:Track 1
SUMMARY:Ghosts in the Cluster - Hiding in Kubernetes for Years - Rory McCun
 e
URL:https://speak.enusec.org/le-tour-du-hack-2026/talk/EEMPKG/
END:VEVENT
END:VCALENDAR