►
Description
Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A Treasure Map of Hacking (and Defending) Kubernetes - Andrew Martin, ControlPlane
In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security.
A
Okay,
hello
and
welcome
to
that
there's
still
space.
Incidentally,
there's
probably
another
20
seats.
If
you
want
to
let
a
few
more
people
in
okay,
we'll
see
how
we
go
hello
and
welcome.
Thank
you
very
much
for
coming
to
this
talk.
This
is
one
of
the
most
packed
rooms.
I've
ever
delivered
to
really
appreciate
you
attending
when
there's
so
many
other
high
quality
talks
going
on
in
this
slot.
A
A
I
have
done
various
things.
I've
written
a
book
which
you
will
hear
a
little
bit
about
today.
There
is
a
sans
course
involved.
My
excellent
colleagues
also
participate
in
a
lot
of
training
and
we'll
see
links
to
those
things
too,
and
this
is
my
pre-eminent
co-author,
mr
michael
hassenblast
solutions,
architect
at
aws
and
together
we
wrote
to
the
book
hacking
kubernetes.
A
It
is
available
as
a
free
download,
the
first
half
as
a
pdf
on
the
control
plane
website,
and
I
will
give
you
a
whistle
stop
tour
of
what
we
have
inside
it.
So
what
will
we
talk
about
today?
Well,
it's
just
a
lot
of
demos
and
I
will
do
my
best
to
ensure
they
all
work.
I'm
wired
in
the
demo
gods
at
least
don't
have
the
ethereal
wi-fi
to
contend
with
so
we'll
start
off.
A
A
So
what
happens
when
kubernetes
gets
deployed?
The
security
team,
normally
panic,
and
that's
because
somebody
like
captain
hash
jack,
is
all
up
in
their
clusters.
Captain
hashtag
is
our
eight
bit
adversary,
we're
going
to
threat
model
and
attack
on
these
clusters.
This
is
the
person
who
we're
terrified
of
in
this
instance,
but
this
this
talk
is
called
a
treasure
map.
Why
is
there
a
treasure
map
involved?
Well,
this
is
because,
from
the
inside
of
a
pod,
this
is
what
you
might
want
to
look
at
to
try
and
break
out.
A
A
Why
is
this
well?
First
of
all,
we
want
to
understand
what
are
their
capabilities.
What
potentially
could
they
do
to
us
and,
by
extension,
what
are
their
intentions?
Why
would
they
want
to
do
these
things?
This
is
a
process
of
threat
modelling.
It
is
a
personal
passion
and
crusade
of
mine
to
ensure
that
threat,
modeling
becomes
part
of
the
infrastructure
deployments
process.
We've
seen
this
in
application
security,
where
it's
a
more
established
process.
A
So
we
start
off
with
a
casual
vandal
script.
Kitty
me
as
a
younger
version
of
myself,
perhaps
just
interested
to
know
what
happens
when
you
port,
scan
restricted
ranges
and
find
open,
insecure
things
and
may
not
be
a
malicious
intent,
but
there
may
be
malicious
side
effects
from
misunderstanding
or
general
tinkering
generally.
A
We
have
motivated
individuals,
but,
as
we
progress
we're
more
concerned
with
insiders,
a
finger
in
the
air
guess
is
about
every
40
000
employees
for
a
major
organization
has
at
least
one
insider
working
for
another
organization,
another
nation
state.
Potentially
things
get
worse
when
we
look
at
cloud
services,
insiders,
of
course,
because
we
have
to
trust
something,
we
trust
our
operating
systems.
We
trust
the
providers
of
the
public
certificates
that
we
look
at
for
our
for
our
roots,
difficult
authorities
for
internet
encryption,
our
tls,
etc.
We
trust
our
hardware
providers.
A
But
what
we're
actually
caring
about
here
in
captain
hashtag's
case
is
the
organized
crime
syndicate
potentially
state
affiliated
sponsored,
but
not
directly
linked
these
individuals
or
groups
have
very
wide
ranging
capabilities.
We've
seen
a
lot
of
ransomware
kick
off
in
the
last
few
years.
Cyber
insurance
has
become
very
expensive
because
these
groups
are
talented,
they're
targeted,
but
they
will
use
drive
by
attacks.
So
we
do
have
the
ability
to
raise
the
bar
and
ensure
that
we
test
our
configuration
and
do
not
get
pwned
right
so
into
demos.
A
Very
soon,
attackers
think
in
graphs
defenders
thinking
lists.
What
does
this
mean?
Well,
a
defender
has
to
tick
every
single
line
on
their
checklist
to
make
sure
that
there
is
no
in
the
armor,
no
vulnerability,
no
open
door
in
the
castle,
whereas
an
attacker
just
has
to
pivot
through
various
things:
they'd
land
somewhere,
they
observe
the
visible
horizon
and
they
go
for
the
next
thing.
It
doesn't
work.
The
next
thing.
Maybe
the
third
thing
works.
A
It's
another
foot
forward
into
the
system,
so
we
have
to
be
mindful
that
there
is
a
different
mindset
from
an
attacking
and
defending
perspective.
This
is
where
we
get
to
attack
trees.
These
give
us
a
view
of
how
we
might
pivot
through
a
system
and
then,
by
extension,
they
give
us
an
opportunity
to
cut
the
branches
of
the
tree
with
specific
controls
that
give
us
a
visual
representation
of
the
security
of
our
system
or
the
supposed
security
of
our
system.
A
This
is
one
from
the
financial
services
user
group.
Again
we
do
this
for
o'reilly.
There's
a
lot
of
open
source
material
around
this.
My
excellent
colleague,
lewis,
stellenperry,
did
a
fabulous
talk
on
this
yesterday,
strongly
recommended
to
go
back
and
watch.
It
was
one
of
the
most
funny
and
insightful
talks
on
threat,
modeling,
it's
possible
to
give
and
it's
a
very
strong
recommend.
A
A
Let's
rock
and
roll
okay,
so
code
to
cloud
attack
patterns.
This
is
from
the
kubernetes
documentation.
We
begin
with
the
code.
This
is
where
our
business
value
is
delivered.
This
is
what
developers
change
frequently.
This
is
where
remote
code
execution
might
occur.
If
we
have
a
web
facing
sockets.
If
we
have
a
web
server
with
either
serving
some
static
code
or
serving
some
dynamic
application,
there
is
the
opportunity
for
untrusted
code
to
execute
in
the
context
of
our
process,
we're
running
a
process
in
a
container.
If
we
receive
data
from
externally,
that's
not
handled
correctly.
A
We
get
a
remote
code.
Execution
we've
seen
this
in
various
different
flavors
log
4j,
the
log
for
shell
attack
classic
remote
code
execution,
passing
a
string
executed
in
a
context
that
was
unexpected
by
the
server
security
side
effect.
So
the
first
thing
we
need
to
do
is
get
a
remote
code
execution.
Now
there
is
another
way
to
do
this,
and
that
is
the
supply
chain.
We've
heard
so
much
about
why
the
supply
chain
is
dangerous,
but
let's
exploit
it
quickly.
So
everything
is
software.
Supply
chain
explained
like
five.
A
A
This
means
that
an
open
source
software
developer
is
implicitly
part
of
the
supply
chain
of
all
of
our
software,
but
anything
that
they
consume
is
also
part
of
the
consumer
producer
transitive
difficult
to
reasonable
dependency
graph.
So
what
we're
looking
at
here
is
bob
alice
bob
charlie
production.
A
If
we
can
insert
malicious
code
into
the
dependency
graph
of
a
supply
chain,
we
can
run
our
own
code
on
someone
else's
hardware
on
someone
else's
kubernetes
cluster.
Very
specifically,
how
do
we
attack?
Well?
We
can
do
it
in
lots
of
different
ways.
We
can
get
a
source
code,
we
can
affect
a
supplier
which
is
a
very
popular
way
of
doing
things
recently,
especially
when
we
see
things
like
octa.
Another
supply
chain
attack
where,
in
that
case,
a
help
desk
provider
was
the
one
compromised
or
we
get
into
the
runtime
environment.
A
A
Okay,
so
just
in
time
for
the
supply
chain.
So
what
we're
going
to
see
in
this
next
demo
is
mpm
the
javascript
registry.
What
we
have
there
is
many
small
decomposed
packages
java
pushes
this
idea,
because
sorry
javascript
pushes
this
idea,
because
the
decomposition
of
packages
is
supposed
to
be
an
easy
way
to
build
and
reuse
code.
A
He
says
just
going
to
reset
this
again.
What
this
means
is
that
we
have,
maybe
you
could
get
the
slides
off
and
we
can
try
that
way.
What
this
means
with
npm
is
that
we
have
a
huge
proliferation
of
open
source
packages.
Now,
specifically
with
the
npm
installed
json
the
package
json,
we
have
the
ability
to
do
a
pre-commit
hook.
A
That
pre-commit
hook
allows
us
to
execute
code
in
this
case.
What
that
code
will
do
is
what
that
code
will
do
is
enumerate
the
contents
of
our
local
file
system.
When
we're
installing
a
package
we
are
installing,
with
the
permissions
of
the
user,
that
is
doing
the
execution.
So
in
this
case
this
will
be
me.
A
A
A
A
A
A
Oh
sorry
install
here,
not
I
okay.
Finally,
so
this
is
now
executing
my
pre-commit
hook.
If
I
pull
this
down
without
reading
the
source
code,
we're
essentially
piping
to
bash-
and
at
this
point
I've
enumerated
the
contents
of
my
local
file
system.
These
are
ssh
keys.
I
could
install
miners
okay
and,
with
this
timing,
I'm
going
to
move
on
a
little
bit
quickly.
So
what
just
happens
I
hear
you
ask?
A
It
must
have
been
this
slide,
okay,
so
that
was
what
I
was
explaining
right.
So
we
ran
this
backdoor
open
source
package,
pre-installed
hooked,
abuser's,
privilege
profit.
So
what
could
this
actually
look
like
with,
with
an
end
to
end
like
running
this
remote
code
execution
down
at
the
bottom?
Here
we
have
the
malicious
code
into
a
target
library,
so
we're
talking
about
npm
here,
but
we
can
do
this
for
any
operating
sorry,
any
application
package
once
that
gets
built
into
developer
code
and
is
running
in
our
kubernetes
clusters.
A
We
can
fire
a
reverse
shell,
a
reverse
shell
busts
outwards
through
a
firewall.
So,
instead
of
me
sshinging
onto
a
server,
the
server
ssh
is
onto
an
open
port
that
I
have
on
a
public
ip
somewhere,
and
this
is
when
captain
hash
jack
in
his
nefarious
sailboat
there
is
able
to
get
access
to
our
systems.
A
A
A
This
is
the
reverse
shell
idea,
so
we
start
with
attacking
the
victim's
machine
we're
running
code
in
their
context
that
they
do
not
expect.
We
get
a
reverse
tcp
connection,
so
this
busts
outwards
from
a
firewall.
This
is
also
the
log4j
problem.
Unless
our
firewalls
are
monitoring
or
are
restricted,
which
is
not
always
the
case
or
difficult
to
do,
then
we
can
get
to
a
potentially
unknown
external
location.
This
is
a
tcp
version
of
the
attack,
there's
a
dns
version
as
well.
A
Of
course,
there
are
other
slightly
more
nefarious
ways
to
do
it,
but
it's
very
difficult
to
block
so
similar
to
previous.
We
will
use
this
malicious,
backdoor
image
in
a
public
container
registry
that
will
be
run
inside
our
cluster,
and
this
will
then
fire
the
reverse
shell,
where
we
connect
courtesy
of
duffy,
one
of
the
sig
honk
luminers.
A
A
A
You
may
not
believe
me
by
judging
by
the
previous
talents
all
right.
So
what
are
we
going
to
do?
First
of
all,
we're
going
to
bounce
through
a
public
endpoint
called
ngrok.
So
what
we're
doing
here
is
we're
getting
a
free
ip
on
the
public
internet
with
the
ports
at
the
bottom.
Here
we
see
it's
probably
a
little
large
at
the
bottom.
Here
we
see
a
log
of
what's
going
on
and
at
the
top
here
we
are
going
to
run,
which
version
will
be
on.
A
This
is
the
location
of
the
ip
and
the
port
that
we're
going
to
fly
back
to
the
deal
with
reverse
shells
is
that
bash
contains
a
virtual
dev,
tcp
endpoint,
which
is
really
easy
to
hook
a
shell
to
and
get
this
reverse
shell
action.
It's
probably
one
of
the
worst
decisions
in
the
history
of
of
computing
and
at
this
point
we're
just
going
to
deploy
something
malicious.
So
this
will
look
a
little
bit
like
cool.
A
A
A
Okay,
so
what
we've
seen
there
is:
we've
deployed
this
malicious
image
with
a
poorly
configured
security
context,
and
this
is
bounced
through
that
public
ip
back
to
me,
standing
waiting
for
it
and
I've
now
got
a
connection
into
this
shell,
sorry
into
that
pod.
So
at
this
point
running
his
route,
obviously
that's
a
horrendous
idea.
Are
we
privileged?
Well?
What's
the
contents
of
dev,
we
can
see
everything
so
at
this
point
we
can
escalate
mount
the
host
file
system
use
an
nscenter
attack.
A
A
Yes,
there
we
go
so
that's
the
host
file
system
and
we
can
also
see
the
host
process
table.
Wonderful,
those
are
all
things
we
should
never
be
able
to
see
from
inside
a
container,
but
of
course,
because
we've
entered
those
host
name
spaces,
we've
broken
the
abstraction
all
right,
let's
keep
on
moving.
A
We
saw
that
malicious
image
that
was
pushed
into
a
public
location
was
then
used
to
run
in
production
when
it
ran
it
fired
that
remote
reverse
shell
back
to
a
place
that
I
controlled,
and
that
gave
me
access
to
the
pod
from
externally.
At
that
point
again,
it's
observing
the
visible
horizon
escalating
continuing
to
see
are
there
data
stores?
Is
there
private
information?
Are
there
keys?
A
Are
there
quant
algorithms
that
I
can
steal
it's
a
bad
day
when
someone
has
that
initial
foothold,
the
remote
code
execution
inside
your
systems,
because
then
more
nefarious
things
can
happen?
Okay,
so
if
that
wasn't
stressful
enough,
we
will
now
try
a
kernel
exploit
it's
not
a
container
escape
it's
a
process
that
wants
to
be
free.
A
A
A
The
compromise
we
make
with
a
container
is
that,
in
order
to
run
very
quickly
and
to
bin
pack
many
containers
onto
one
host,
we
start
a
process
on
a
running
kernel,
so
we're
sharing
a
single
kernel
amongst
all
the
processes
on
a
host.
This
allows
us
to
start
very
quickly,
but
it
changes
our
security
model
and,
as
we
see
in
this
case,
those
host
resources
should
be
protected.
They
shouldn't
be
available.
The
point
of
containerization
or
virtualization
is
to
abstract
those
away
and
not
make
them
available.
A
A
This
is
a
list
of
recent
container
vulnerability
escapes.
It's
been
a
busy
year,
courtesy
of
chris
nova.
Again,
this
is
where
the
contention
lies.
The
kernel
is
not
a
security
boundary,
but
then
really
the
cpu
is
not
a
security
boundary.
As
we've
seen,
are
we
going
to
just
decompose
everything
onto
onto
computers
under
people's
desks
like
we
used
to
do?
No,
we
still
have
to
move
with
the
time,
so
there
is
some
difference
here.
A
This
is
the
view
of
namespaces.
I
won't
go
into
this
too
much
more,
but
suffice
to
say
we
are
sharing
a
local
network
between
our
container
workloads
and
a
pod.
The
c
groups
mount
and
process
name
spaces
should
be
individual,
but
then
we
get
to
share
storage
network
and
a
couple
of
other
things
plenty
more
on
this.
In
the
book
c
groups
v2
come
with
some
better
security
features.
A
A
It
is
a
dirty
page
vulnerability,
so
that
means
it
permits
the
injection
of
code
into
processed
memory
that
is
owned
by
roots,
so
an
untrusted
user
can
scribble
some
instructions,
stick
them
into
a
piece
of
code.
The
root
is
going
to
run
executable
memory
and
root
will
run
those
things
if
the
code
that
we
stick
in
there
is
another
reverse
shell.
Back
to
where
we're
sitting
on
the
same
box,
we
have
root
access
to
the
box
by
virtue
of
this
escape.
A
It's
got
a
specific
nuance
of
foible,
which
is
you
can't
write
the
first
few
bites.
So
what
this
exploit
does?
Courtesy
of
my
friend
and
colleague,
james
cleverley,
promise
is
exploit.
The
proc
self
exe
attack
writes
a
small
piece
of
assembler
to
build
assembly
to
build
something
smaller
than
4k,
which
fires
this
reverse
shell.
Back,
okay,
let's
break
out
of
a
container.
A
A
A
We
have
the
run
c
small
dot,
madam
so,
ultimately,
here
we
are
using
the
elf
header
and
we'll
ignore
most
of
this.
But
what
we
care
about
here
is
this:
is
our
good
old,
reverse
shell,
we're
going
to
insert
this
base64
code
into
the
run
c
binary
on
base64,
and
it
looks
like
that
two
to
five
dev
tcp
and
we've
got
that
same
reverse
shell
again
and
and
with
any
luck
off
we
go
okay.
So
we
have
built
the
thing
and
now
check
who
we
are.
A
We
have
executed
and
I
will
just
check
that
it
runs
into
me.
Oh
there
we
go
wonderful,
so
we're
now
roots.
So
what's
happened.
There
is
by
running
this
exploit
and
injecting
this
code.
We've
fired
that
reverse
shell.
Back
and
interestingly,
it's
dumped
us
into
the
file
system
location
that
the
mount
namespace
was
mounted
from
so,
of
course,
on
a
container
and
the
processes
inside
it
have
to
exist
on
the
host
we're
running
on
a
shared
kernel,
but
we
paint
this
picture
for
the
container.
A
That
says,
you
can
only
see
what
the
colonel
wants
you
to
see
in
this
case
you're
the
only
special
process
running
on
the
host
here.
Now
that
we've
broken
out,
we
can
see
that
the
abstraction
has
been
shattered
and
we
dropped
into
the
container
the
runtime
location,
where
this
image
is,
and
we
can
see
the
contents
of
the
of
the
image
itself.
A
What
is
the
upshot
of
this?
Well
at
this
point?
We
have
got
access
to,
for
example,
the
cubelets,
and
we
can
we
can
root
the
whole
system.
So
the
idea
here
really
is
to
use
the
container
cloud
native
paradigm
of
constantly
rebuilding
having
fast
deployment
pipelines
and
using
our
ci
cd
to
ensure
that
we're
always
on
the
latest
image.
But
this
is
a
kernel
vulnerability.
So
it's
in
the
host
system
is
the
same
thing.
A
Our
ami
bakery
or
our
vm
golden
image
should
have
a
well
oiled
pipeline
so
that
we
can
ship
patches
as
soon
as
they
arrive
in
this
case
as
quickly
as
is
necessary.
Okay,
so
we
are
now
out
on
the
host
we've
broken
out
of
a
container
and
we
sat
on
the
host
file
system.
What
do
we
want
to
do
next?
Attack?
The
cubelets
here
is
a
high-level
view.
A
We
can
see
that
various
things
from
the
node
root
are
exposed
into
the
the
node
user
and
by
that
we're
talking
about
the
workload
that's
running
there.
So
what
do
we
see?
Well,
we've
got
completed,
runtime
the
storage,
the
orchestrator
injected
environment
variables
and
the
sequencing
config
maps.
Now
again,
everything
that's
mounted
into
the
container
must
exist
on
the
host
and
one
of
those
things
is
secrets.
A
When
secrets
are
pulled
from
the
cube
from
the
kubernetes
api
by
the
cubelet,
the
api
will
verify
that
the
node
is
running
the
workload
that
is
authorized
to
pull
those
secrets.
You
can't
just
enumerate
everything
as
long
as
the
node
authorized
plug-in
is
correctly
configured,
so
in
this
case
we
are
going
to
from
the
cubelet
host.
So
we've
routed
the
cubelet
we'll
enumerate
the
file
system
find
out
where
the
service
accounts
are
and
exploit
the
stolen
service
accounts.
A
A
A
So
what
will
this
do?
Okay,
k
secrets
file
system
dump
it
looked
invalid,
cubelet
pods
everything
for
kubernetes,
either
volumes
or
projected
volumes
because
bound
service
account
tokens
which
are
the
new
actually
iterable
way
of
attaching
a
claim
to
a
service.
Account
token
strongly
recommended
to
use
exist
in
these
locations
and
then
we'll
have
a
look
for
things
like
namespace
token
or
certs.
Let's
just
have
a
look
at
what
is
in
that
directory
that
we're
enumerating
don't
forget.
We
are
the
root
user.
The
root
user
is
omnipotent
omniscient.
A
They
can
do
everything
on
the
host
because
they
must
be
able
to
debug
turn
things
on
and
off
as
necessary,
so
we're
exploiting
something
that
is
by
design,
but
we're
going
under
the
covers.
Let's
see
what's
there,
there
are
plenty
of
things,
and
it's
not
really
that
visible.
So,
let's
try
once
more
okay,
so
we
can
see
that
we've
got
lots
of
certificates
and
keys
and
all
this
kind
of
thing.
But
what
are
we
actually
looking
for?
A
A
Okay,
because
the
network
went
down
at
that
point,
okay,
let's
try
that
again.
Okay,
so
we've
got
some
aws
keys
that
have
magically
appeared.
Wonderful,
thank
you
configuration
okay.
So
what
does
this
mean?
This
means
that
an
operator,
an
automated
operator
or
some
process
inside
the
cluster
needs
these
keys.
To
do
a
thing.
Maybe
it's
a
special
version
of
auto
scaling.
Maybe
it's
to
run
terraform,
maybe
it's
to
deploy
us
three
buckets
in
an
ad
hoc
fashion
or
some
other
crazy
version
of
that.
So
what
can
we
do
with
these?
A
If
we
put
data
classification,
if
you
put
sensitive
and
unsensitive
data
on
the
same
cluster,
the
unsensitive
data
will
be
less
well
secured
in
our
threat
model
and
if
we
can
break
out
onto
the
host,
we
can
potentially
get
access
to
the
more
sensitive
data,
so
cloud
account
takeover.
This
is
ultimately
what
happens.
No
operators
were
hurt
in
the
making
of
this
gif.
What
are
we
going
to
do
we're
going
to
exploit
those
stolen
credentials?
A
A
A
Uh-Oh,
this
is
a
canary
token.
That
means
that
the
owner
of
this
token
has
been
notified.
That
this
token,
that
was
left
like
a
honeypot
in
the
cluster
has
been
used.
It
should
never
be
used
because
it's
not
a
real
token,
but
it's
left
there
in
order
to
tempt
an
attacker
like
captain
hash
jack,
to
enumerate
and
explore
what
it
is
all
I've
done.
There
is
try
and
identify
my
caller
identity.
It's
a
simple
call
to
understand.
A
What's
the
name
of
this
thing,
could
it
give
me
further
permissions
instead
of
just
brute
forcing
every
permission
set?
I
want
to
do
a
targeted
check
to
see
maybe
it's
s3
related.
Maybe
it's
got
ion
permissions,
but
a
canary
token
will
go
off
like
a
christmas
tree
like
an
alarm
bell.
These
are
scattered
across
everything
that
I've
ever
touched.
A
Okay,
where
am
I
okay?
So
what's
next,
there
are
lots
and
lots
of
different
ways
to
be
breached
in
a
kubernetes
system,
from
the
application
workloads
all
the
way
through
the
class
configuration
and
deployment.
Once
again,
this
is
where
our
pod
attack
map
comes
in
handy
by
thinking
about
how
we
logically
enumerate
these
things.
We
don't
need
to
just
run
tooling,
that's
very
loud
and
noisy.
We
can
instead
be
more
selective.
A
Container
security,
tooling,
will
alarm
or
alert
when
unusual
or
non-standard
behavior.
That's
what
I'm
looking
for
it
fires
off
so
doing
this
in
a
more
structured
approach,
is
a
more
stealthy
and
silent
way
of
doing
it.
This
is
what
control
plane
do
for
a
living
if
you're
interested
by
these
things
do
please
come
and
talk
to
us
and
with
that.
Thank
you
very
much
for
your
attention.