Sven Nobis, Senior Security Researcher and Analyst, ERNW

Lorin Lehawany, Security Researcher and Analyst, ERNW


Sven is a senior security researcher and analyst at ERNW GmbH. He has worked in IT for more than 15 years and specializes in cloud security. His daily work includes security assessments, red teaming, training, and consulting for European Fortune 100 companies. Before moving into IT security, he was a professional developer, and he continues to draw on that background to improve security by sharing knowledge and contributing to open-source projects from time to time. Lorin has published several critical vulnerabilities in enterprise cloud software, such as Broadcom VMware.


Lorin is a security analyst working in penetration testing as well as cloud and Kubernetes security. At ERNW Enno Rey Netzwerke GmbH, she improves the security of infrastructures for many companies in Germany. She is also an active member of the BlackHoodie community, where she regularly organizes events, mentors newcomers, and delivers workshops about Kubernetes security, supporting hands-on security education and fostering inclusion in tech.

Talks & Q&A

Breaking Multi-Tenancy Over and Over, and What We Can Learn from This


Description

Implementing Kubernetes namespace-based multi-tenancy is challenging, and its isolation is generally considered weaker than control-plane isolation. That's why the latter is often recommended ... and also implemented? Not really: workloads such as machine learning, pipelines, and scripting capabilities are increasingly common in enterprise environments, and they can introduce non-obvious multi-tenancy into clusters.


So the question is: How can we securely isolate those workloads from each other? Pod Security Standards, Network Policies, and Admission Controls are well adopted, but are they sufficient?


The answer is no: this talk presents new vulnerabilities and real-world exploits in Kubeflow, Istio, and Traefik that violate trust boundaries between namespaces and workloads.


We will discuss these vulnerabilities in detail, together with the underlying conditions and root causes that render them exploitable.


Based on these examples, we will present a methodology for assessing complex environments with isolation problems and provide guidance on mitigating these issues.