►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
C
D
E
C
F
G
Yeah
amanders,
I
work
as
a
developer
advocate
for
styra,
which
is
the
creators
of
the
open
policy
agent
project
or
oppa,
which
I'm
going
to
refer
to
for
the
next
for
the
next
hour
or
so
yeah.
I
come
from
a
background
in
identity,
primarily
so
I
worked
for
the
last
three
years
or
so
in
with
oppa
and
access
control,
before
that
it
was
all
about
identity,
identity
of
workloads,
identity
of
users
and
clients,
and
and
so
on.
C
H
Yeah
hi,
I'm
also
a
developer
relations
engineer.
Developer
advocate
I
work
at
new
relic
and
I
specifically
focus
in
security
and
making
security
more
digestible
for
beginners
and
newbies,
and
I
actually
live
stream
here
on
twitch.
So
if
you
want
to
follow
me
on
twitch,
I'm
at
ending
with
ali,
where
I
do
a
lot
of
learning
in
public
of
teaching
myself
security.
Most
of
my
practical
knowledge,
I've
actually
learned
live
here
on
twitch.
So
I
do
a
lot
of
different
lessons
and
education
on
twitch.
So.
B
I
Hello,
hello,
I'm
andy,
I'm
a
founder
and
ceo
at
control
plane
where
we
do
cloud
native
security
stuff,
I'm
a
little
bit
dev
a
little
bit
of
ops,
a
little
bit
of
security
in
there
as
well,
very
proud
to
say
I've
just
just
finished.
Writing
a
book
shout
out
to
mark
some
awesome
review,
work
there
as
well
and,
of
course,
lewis
who's
over
there
and
james.
I
We
were
both
instrumental
in
making
that
thing
more
polished
fixing
the
bug
bounces
up
all
that
kind
of
good
stuff,
I'm
a
sans
instructor
as
well
sans
sex,
584,
again
with
the
more
than
capable
yes,
this
is
lewis,
aiding
and
abetting
in
that
and
yeah
like
a
zealous
ctf
maker
and
player
and
enjoyer.
So
yeah
super
pleased
to
be
here
and
really
looking
forward
to
today.
I
C
C
E
Covers
for
books,
so
I'm
very
proud
to
say
that
the
book
has
got
a
duck
on
it.
So
I
think
that's
the
highlight
of
my
year,
possibly
last
10
years,
to
be
honest
and
I'm
not
in
kubecon,
I'm
back
at
home
in
wales,
which
is
well
england,
is
the
sidecar
of
wales,
but
hey
I'll
deal
with
that
next
week,
yeah
so
day
to
day
within
control
plane,
I
do
lots
of
training.
I
used
to
go
lots
of
different
places,
but
I
pretty
much
give
training
in
here
now.
E
So
this
is
my
little
training
dungeon.
No,
no!
It's
it's
lovely!
It's
been
great,
like
it's.
We've
had
to
change
our
ways
over
the
last.
However
many
months
and
it's
I
just
got
to
meet
lots
of
people
get
to
help
them
out
and
it's
super
awesome
and
I
get
I
I'm
gonna
point
that
one
and
point
that
one
I
get
to
work
with
these
every
day
and
it's
phenomenal
they've
really
helped
me
push
my
career
and
super
awesome
people,
and
thank
you
for
having
me
don't
follow
me
on
the
internet.
D
B
C
J
E
B
C
So
I'm
curious
how
you
guys
got
into
cloud
native
security
right
I
mean
what
does
it
even
mean
to
say
cloud
native
security?
I
mean,
I
think
everybody
kind
of
has
their
own
idea
of
what
cloud
native
is
and
then
okay
on
that
top
of
that
we
put
security
and
then
sometimes
on
top
of
that
we
put
cloud
native
application,
security
and
then
there's
going
to
be
cloud
applications,
security
brokers-
I
don't
know
it,
it
keeps
growing
right.
But
how
did
you
guys
get
here?
I
mean
allie,
let's
start
with
you,
how?
H
H
Yeah,
I
know
I'm
I'm
making
myself
be
baby,
but
to
me
like
whenever
I
like
am
doing
anything,
it's
always
been
cloud
first.
So
to
me
they
are
synonymous
it's.
I
am
now
actually
learning
more
about
how
it
used
to
be
done
back
then,
as
I
dive
more
into
kubernetes
and
how
servers
were
are
are
still
somewhere
in
the
world
still
being
hosted.
But
to
me
it's
always
been
cloud
first
and
I've
always
had
an
interest
in
security
and
I've
always
had
an
interest.
H
I've
always
thought
people
who
work
in
security
are
the
smartest
people
in
the
world
and
people
that
I've
always
looked
up
to
like
alyssa
and
gabby.
I
follow
you
both
on
twitter
fangirling
just
a
little
bit,
but
I've
always
thought
people
that
work
in
security
were
such
amazing
people
and
just
thought
in
such
a
different
way,
and
so
I
was
like
how
can
I
learn
to
be
like
that
and
to
me
that
first
step
was
figuring
out
just
how
everything
works
from
a
security
aspect.
H
C
D
G
G
G
So
so,
once
you
learn
something
like
olaf,
you
can
you
can
kind
of
work
on
that
for
the
next
decade
or
two,
but
yeah
and
and
then
coming
into
authorization
and
oh
or
in
oak
hours.
There's
there's
really
no
standards
and
there's
really
a
lot
of
ideas
on
how
to
best
do
that
that
was
that
was
kind
of
a
shock
for
me
coming
from
from
the
identity
world,
where
there's
all
these
like
very
strict
boundaries
on
on
what
you're
allowed
to
do
and
not
do.
C
B
F
F
F
But
I
was
I
was
a
pen
tester
doing,
network
penetration
stuff
and
when
virtualization
was
just
starting,
so
it
was
kind
of
like
that
was
the
first
revolution
that
I
saw
in
the
industry
and
somehow
I
migrated
to
an
application
security
background,
doing
android
and
mobile
stuff,
and
I
swear
I'm
going
to
get
to
like
where
we
get
the
cloud
native,
because
it
doesn't
make
any
sense
how
these
are
related
yet.
But
I
saw
android
and
ios
that
were
doing
like
these
sandboxed
processes.
They
were
doing
like
isolated
kind
of
container
processes.
F
I
was
like.
Oh,
this
is
awesome
and
when
containers
started
becoming
adopted,
kubernetes
was
around.
I
was
like
this
is
this:
is
the
future
of
all
servers
we're
going
to
have
a
containerized
processes,
we're
going
to
be
isolated,
so
I
started
adapting
what
I
was
doing
for
like
application
security
stuff
and
looking
more
towards
what's
kubernetes
doing
like
let's
help
secure
this
thing
and
and
of
course,
that
didn't
really
flush
out,
as
I
wanted
it
to
this
thing,
we
don't
have
we
don't.
F
Sandboxes
per
se,
but
we've
got
some
level
of
isolation,
it's
cool,
so
I
think
I
was
just
pushed
into
cloud.
I
had
a
whole
bunch
of
customers
and
it
was
just
the
industry's
moving
the
cloud
like
who's
who's,
doing
on-prem
stuff.
In
fact,
earlier
on
in
my
career
I
was
flying
everywhere
because
everything
was
on-prem.
I'd
go
to
like
data
centers
and
I
had
to
go
to
physical.
You
know
servers
and
stuff,
and
then
it
just
stopped.
You
saying:
oh,
no,
it's
all
remote!
F
We'll
just
give
you
shell,
you
know
we'll
just
give
you
access
to
the
things
you
need,
so
I
had
customers
that
were
just
in
the
cloud.
You
need
to
adapt
or
die
right
in
the
security
industry.
So
I
was
doing
a
lot
of
kubernetes
stuff
and
I
built
a
team
at
ncc
group
that
was
just
doing
containers
and
sandboxes
and
kubernetes
security
assessments,
and
we
kind
of
built
built
some
staff
around
that.
So
so
now.
K
D
F
C
I
That
is
a
fine
question.
I
was
very
privileged
in
that
my
first
job
out
of
uni.
I
ended
up
doing
something
that
I
was
perhaps
under
qualified
for
at
the
time.
So
there
was
a
small
startup
in
bristol
which
is
out
on
the
on
the
west
coast
of
england,
close
to
lewis's
proximity,
and
it
was.
It
was
a
software
as
a
service
back
when
that
was
actually
a
definition
of
something
business
business
management
system.
I
I
was
the
first
employee,
so
I
had
the
incredibly
fortuitous
position
of
doing
operations
doing
the
development
doing
pci
compliance
back
when
back
when
we
still
stored
numbers
for
people
that
very
quickly
failed
to
be
the
case,
and
everything
was
rackspace.
So
so
everything
was
like.
You
were
buying
space
in
a
colo.
H
I
You
got
us
again,
mate
hysterically,
I
was
saying
we
had
availability
issues
and
then
everything
froze
so
there's
some
sort
of
resonant
induction,
conductive
coupling
with
silicon
I'll
have
to
be
careful
what
I
say
and
yeah.
So
so
amazon
opened
eu
west
one
and
like
some
will
probably
call
me
out-
2008,
maybe
and-
and
we
just
jumped
on
it,
so
going
from
going
from
that
position,
where
I'm
just
kind
of
de
facto.
This
thing
needs
to
be
done.
There's
a
cloud
over
there.
I
You
can
kind
of
take
the
big
multi-tenant
linux
system,
squeeze
it
into
a
microcosm
and
then
run
or
bin
pack
them
and
add
them
for
nyson,
and
it
was
pretty
clear
from
sort
of
early
early
musings
with
docker
that
there
were
lots
of
security
opportunities
and
yeah.
It's
just
all
kind
of
steamrollers
from
there.
So
yeah
again,
like
very
fortunate
to
have
that
that
luxury,
and
I
often
wonder
if
people
like
joining
joining
the
train
or
like
getting
on
the
ride
at
this
point.
I
H
Yeah,
there's
there's
a
lot,
there's
a
lot
that
I'm
I'm
it
there's
so
much
that
I
feel
like
I'm
always
learning
and
it's
as
especially
as
I've
been
digging
more
into
kubernetes.
It's
just
been
like
so
much
to
break
down
and
just
be
like.
Oh
yeah
like
this
is.
This
is
how
it's
done,
and
this
is
like
where
I
I
feel
like
I've
been
like
missing
in
my
education
as
I
am
continuously
learning
so
yeah.
I
C
A
C
E
I
I
don't
know
what
I'm
allowed
to
say
on
that
point.
I
think
we're
exclusive
I
I
am
just
with
control
plane
now
and
it's
I'm
not
anywhere
else.
It's
with
control
plane,
but
yeah,
no,
my
career,
it's
it's
been
varied.
You
can
look
on
linkedin
and
if
you
can
figure
it
all
out
as
how
I
got
there,
congratulations
I
don't
have
a
clue.
E
Please
tell
me,
but
the
main
point
for
me
was
about
five
six
years
ago
now
I
just
hit
this
like
lull
in
my
career,
where
I
was
a
developer,
I
got
into
it.
I
have
a
lot
of
developing,
I
just
love.
For
me.
It's
puzzles
everything
I
see
is
a
case
of
how
do
I
fix
this?
How
do
I?
How
do
I
make
this?
How
do
I
solve
that
problem?
E
That's
that's
going
to
help
me
because
I
need
to
be
like
I'm
going
to
have
a
child
and
they're
going
to
be
screaming
in
the
night.
I
can't
work
to
like
4
a.m,
so
I
started
that
way,
but
then
and
for
me,
there's
always
conferences
as
well.
There's
events
like
this.
You
get
to
meet
people
who
are
like-minded.
E
Sometimes
you
you
feel
like
you're
in
a
bit
of
a
hole
on
your
own,
and
no
one
else
can
really
understand
you
when
you
bump
into
all
these
amazing
people
in
these
conferences,
you're
like
oh,
no,
actually,
we're
kind
of
alike,
it's
kind
of
okay,
it's
a
nice
place,
and
so
from
that
I
saw
andy
on
stage
hacking
containers
and
it
was
just
like
hello.
This
is
what
security
always
scared
me,
because
I
never
felt
like
it
was
a
defined
line
that
I
could
achieve,
whereas
actually,
then
I
realized.
E
This
is
the
perfect
puzzle
for
me,
because
it's
something
that's
constantly
evolving,
it's
always
something
which
I
can
work
further
on,
and
so
from
that
point
I've
worked
my
my
something
off
to
get
to
this
position
where
I
could
work
within
control
plane
and
it's
a
piece
that
I
get
to
work
with.
So
I
thought,
like
you,
know,
andy
and
you're
gonna
hear
more
about
james,
but
we've
got
some
of
people
behind
the
scenes
as
well.
E
Helping
us
today,
which
I
need
to
mention,
such
as
michael
steve
and
carl,
and
every
day
you
just
have
like
phenomenal
people
who
just
try
to
make
you
a
better
person
and
it
isn't
just
career,
it's
about
being
a
better
person
as
well,
and
so
that's
just
what
we
do
and
yeah
so
probably
in
years
time.
I
guess
I'll
still
be
in
this
kind
of
branded
top.
But
that's
where
I
am,
and
I
just
think
I
thought
that's.
E
The
main
thing
I
just
say
to
people
is
it's
like
whatever
position
you're
in
especially
with
the
ctf
and
that's
that's
a
puzzle
that
we've
made
for
you.
It
might
feel
tough
at
times,
but
don't
worry
because
it's
supposed
to
be
really
tough
and
we're
here
to
help,
but
at
least
by
the
end
of
the
day,
you're
going
to
learn
another
way
as
to
how
to
break
something
which
is
always
fun.
B
J
D
J
Do
things
some
places
do
things
badly?
Some
places
do
things
well
and
sort
of
early
early
in
my
career
it
was
invaluable
really
because
it
sort
of
it
exposed
me
to
all
those
all
those
different
things
that
perhaps
would
have
taken
me
many
more
years
to
to
witness
and
learn
from
had
had
it
been
like
a
normal
job.
Cycling
scenario
I
sort
of
started
off
in.
K
B
B
F
Crew
right,
like
the
the
plug-ins
for
coop
cuddle,
like
crew,
have
a
bunch
of
like
scripts
that
are
baking
in
that
like
to
me,
is
kind
of
like
the
metasploit
of
kubernetes
or
just
got
a
bunch
of
scripts
that
they
aren't
necessarily
like
new
things.
You
got
to
compile
and
build
they're
just
these
dependencies.
You
can
yank
into
your
to
your
box
really
quickly
and
start
attacking
different
stuff.
C
C
D
F
Well,
I
think
andy's
right
or
is
it
like
everyone's
saying
bash,
because
that's
you
don't
know
the
environment
you're
going
to
get.
Are
you
going
to
get
remote
code
execution?
What
kind
of
shell?
What
kind
of
environment
are
you
in
like
what
if
it's
windows
like
everything's
out
the
window,
you
don't
know
what
to
do
so.
I
think,
like
the
core
unix
tools
running
netstat
lsof,
you
know
like
bash.
C
So
is
that,
like
a
statement
on
like
the
types
of
issues
that
people
have
typically
in
their
cloud
native
environments-
or
I
mean
what
are
your
thoughts,
is
that
because
I
feel
like
okay,
if
I'm
gonna
go
hack,
a
web
app,
you
know
this,
probably
burp
suite
or
something
like
that
is
gonna,
be
like
the
universal
tool.
Everybody
says
they
want
right,
but
when
it
comes
to
you
know
things
like
a
a
case
cluster.
We
don't
really
have
like
that.
C
I
F
H
H
H
That
allows
for
that
extrapolation
and
easier
interpretation
of
data
and
information
you
get,
but
with
how
new
cloud
native
is
and
even
a
tool
like
kubernetes,
you
don't
have
that
that
time
period
to
be
able
to
create
an
extrapolation,
because
if
things
are
moving
so
fast
that
you
just
have
to
keep
pushing
forward,
you
don't
have
that
break
point
where
you
can
just
be
like.
Oh
yeah
like
I
can
actually
build
something
around
this,
but
I
just
have
to
keep
going
and
figure
out.
F
C
I
Yeah,
I
suppose
yes,
it
actually
goes
to
print
today,
so
it
doesn't
exist
for
another
month
or
so,
but
yeah,
I
think,
yeah.
I
mean
it's
a
really
strong
point.
We
we're
not
searching
for
vulnerabilities
in
the
code
base
itself
generally,
there
are
huge
buzzing
projects
going
on
against
kubernetes,
which
kind
of
deal
with
that
for
us.
I
Maybe
that's
on
a
kind
of
per
name
space
basis.
Maybe
that's
the
way
that
the
cluster
sits
in
the
sort
of
wider
topology
of
the
cloud
accounts,
because
I
mean
there's
something
in
cubanet
stocks,
which
is
like
the
four
c's
of
humanities.
You've
got
the
code,
the
container,
the
cluster
and
the
cloud.
I
think
that's
right
and
we
modeled
the
applications
already
compromised
because
we
say
the
application's
compromised.
What
about
the
topology
and
the
network
policy
around
it?
What
about
the
node
isolation?
I
What
about
the
services
and
the
workload
identity
that
that
can
hit
up
in
the
cloud
and
all
those
things
kind
of
inform
how
the
architecture's
built
so
so
the
question
there
becomes
like?
Not
only
do
we
have
misconfigurations
in
in
the
file
system
can
we
escalate
to
root
really
easily
within
the
pod
and
then
all
the
container
breakouts
generally
require
root
or
cap
awesome
capabilities.
I
So
that's
that's
kind
of
the
first
line
of
defense.
Is
the
security
context
hard
enough,
then
again,
assuming
that
that's
broken
out
of
what
identities
can
be
integrated
within
the
cloud
based
upon
what
the
service
account
has
to
some
extent
again,
you
can
statically
analyze
those
kind
of
things,
but
then,
of
course,
if
somebody
can
just
exploit
like
a
metadata
api
in
security,
where
you
can
hit
your
cloud
provider's
metadata
api
pull
back
the
instance
role
with
like
old
school,
well,
an
old-school
token
service
and
then
just
escalate.
I
The
cloud
account
well,
you
can
just
go
and
image
all
the
disks
and
it
doesn't
really
matter
about
your
configuration
of
the
cluster
itself.
So
having
everything's
clarity
is
super
useful,
but
then
the
way
that
we
kind
of
work
our
way
out
and
around
those
it
is
just
a
standard
set
of
tools
that
we
want
to
the
difficulty
is,
is
doing
it
contextually
and
understanding
the
developer's
intent
and
trying
to
figure
out
where
the
where
the
holes
would
be,
rather
than
just
kind
of,
like
spraying
scans
across
the
whole
thing.
B
I
Speaking
generically,
like
old
school
enumeration
and
discovery
techniques,
are
still
completely
relevant.
Cloud
native
doesn't
throw
away
the
baby
with
bath
water
kind
of
thing
it
just
brings
in
some
other
abstractions
and
allows
us
a
more
fine-grained
model
to
hang
policy
around
processes.
Basically,
so
I
love
nmap.
Actually,
I
suppose
that's
another
tool
with
a
decent
scripting
engine
to
it
as
well.
I
So
yeah
like
starting
off
with
an
map
enumeration,
is
often
a
useful
thing
to
do
against
cluster
in
in
this
case,
in
the
first
thing
we're
going
into
there
is
there's
some
application
level
injection
that
we've
got
to
play
with
again,
as
ali
says,
like
it's
been
around
since
the
dawn
of
time.
This
is
the
way
that
stuff
gets
pwned
remote
code,
execution
first
in
the
door,
and
then
what's
my
privilege,
can
I
escalate?
Can
I
enumerate?
I
C
H
E
So,
whilst
you
prep
that
just
for
today's
etf,
if
you
are
looking
for
a
cluster,
if
you
could
dm
the
taskmaster
taskmaster,
has
a
load
of
clusters
ready
to
go
that
they're
on
the
other
side
of
that
door
over
there,
we'll
send
them
across
your
way.
If
you
need
any
help,
reach
out
to
goose
other
than
that,
just
make
some
noise
on
the
channel.
Someone
will
find
you
soon
enough
and
we'll
definitely
be
there
to
help
you
out.
E
So
you
need
to
sign
up
for
the
security
days
and
then
you
should
have
had
in
email
with
credentials
so
for
today
that's
where
they
need
to
go.
We
will
promote
this
at
the
end,
there's
an
open
source
version
of
simulator,
where
we've
already
got
scenarios
out
there
and
then,
if
you
are
interested
in
this
well
we're
always
running
game
days
anyway,
and
for
us
it's
always
just
about
let
them
people
in
and
just
playing
about.
E
So
if
you
are
interested
just
reach
out
to
us
again,
I
I
put
myself
down
on
internet
there,
but
you
can
find
me
on
the
internet.
I've
got
a
double
barrel,
surname
there's
only
one
of
me,
which
is
a
terrible,
terrible
thing
for
me,
but
you
can
find
me
just
message
me
and
I'm
always
more
than
happy
to
help
out.
E
D
H
I
J
J
J
I
J
J
K
J
K
J
J
F
J
So
if
we
try
that
again,
but
we
can
edit
say
get
rid
of
that-
and
maybe
just
say
if
we
try
replacing
it
with
id,
we'll
see
that
we
can
specify
the
whole
command
here,
which
is
great
news
for
us.
So
we
have
a
command
injection
command
execution
floor
and
this
website
we
can
see
that
we're
running
as
the
nginx
user,
so
that
kind
of
tracks,
given
that
we
potentially
might
be
using
nginx
to
serve
our
website
over
on
the
left.
Here.
J
J
D
D
E
Cool
whilst
you're
doing
that
james
and
I'll
just
mention
as
well
that
like,
if
you've
done
our
ctf
challenges
before
we
usually
just
jump
straight
into
shell,
and
so
this
time
around,
we
wanted
you
to
have
to
do
it
this
way
to
say
like
well,
we
haven't,
given
you
credentials
to
start
with
the
next
couple
of
scenarios.
You've
got
credentials,
but
we're
just
trying
to
show
you.
This
is
how
it
can
start.
So
if
you're
always
wondering
well
is
as
an
attacker,
someone
sends
me
credentials.
It
isn't
the
case.
J
J
F
E
Being
british
I'd
wipe
my
feet
first
and
take
my
shoes
off
before
I
go
into
someone
else's
pod,
so
one
of
our
favorites
is:
am
I
contained
by
jesse
frazelle?
If
you
can
get
that,
if
you
can
get
that
running,
it
shows
you
a
lot
of
what
you
can
do
from
that
point.
So
big
shout
out
to
jersey,
as
ever
from
I'm
pretty
much
it's
just
what
andy
would
say
anyway.
So
I'm
just
saying
what
andy
would
say.
K
I
I
F
J
D
H
D
F
J
F
I
D
J
J
E
K
D
H
H
J
J
J
K
J
G
J
See
we
can't
get
secrets,
so
we
could.
We
had
a
little
more
time,
maybe
download
something
like
ruckus,
which
would
allow
us,
which
is
a
crew
plug-in,
but
it
was
just
a
standalone
binary
beforehand,
but
allow
us
to
enumerate
through
the
access
the
api
calls
that
we
were
allowed
to
allowed
to
run
and
which
ones
we
weren't.
J
J
J
E
J
J
K
J
E
F
J
E
F
J
I
It's
all
good,
eureka
is
best
yeah
blog
fool
has
pointed
out
that
they
reverse
engineered
the
status.php
page
to
identify
what
these
things
were,
which
is
which
is
a
great
shout
out
and
there's
a
question:
does
pods
have
duponts
have
a
concept
of
hostname
or
bash
history?
Well,
yes,
if
they're
baked
in
if
somebody's
gone
and
done
something
dynamic
at
build
time,
but
once
the
pod
restarts,
then
no
that's
ephemeral
and
it's
lost.
F
K
J
F
J
F
C
C
I
and
thank
you,
everybody
for
all
the
the
great
suggestions,
the
ideas
and
it's
it's
cool
too,
to
see
you
know
in
the
ctf
how
maybe
there's
different
ways
to
go
about
finding
some
of
the
same
information
same
as
when
you're
you
know,
pen,
testing,
something
like
this
or
you
know,
trying
to
to
find
those
volumes
in
your
own
environment
so
but
yeah.
Unfortunately,
we
gotta
wrap
up.
So
thank
you.
Everybody
mark
lewis
anders
allie
james,
andy,
gabby.