Loading…
Attending this event?
In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Simple
Expanded
Grid
By Venue
🪧 Poster Sessions clear filter
Wednesday, November 13
 

6:00pm MST

🪧 Poster Session: 0.0.0.0 Day: Exploiting Localhost APIs from the Browser - Avi Lumelsky, Oligo
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
Browser-based attacks are not new in the malicious landscape of attack patterns. Browsers remain a popular infiltration method for attackers.  While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks. In this live demo and attack simulation we’ll unveil a zero-day vulnerability (still under responsible disclosure) in Chrome and other browsers, and how we use the 0-day to attack developers behind firewalls. We will demonstrate remote code execution on a wildly popular open-source platform serving millions in the data engineering ecosystem, that seems to run on localhost. In our talk, we will present novel attack techniques, targeting developers and employees within an organization, that are behind firewalls. This will be a first-ever deep dive into this newly discovered zero-day vulnerability.
Speakers
avatar for Avi Lumelsky

Avi Lumelsky

AI Security Researcher, Oligo
Avi has a relentless curiosity about business, AI, security—and the places where all three connect. An experienced software engineer and architect, Avi’s cybersecurity skills were first honed in elite Israeli intelligence units. His work focuses on privacy in the age of AI and... Read More →
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
  🪧 Poster Sessions, Security

6:00pm MST

🪧 Poster Session: Unveiling Anomalies: eBPF-Based Detection in High-Volume Encrypted Network Traffic - Ben Smith-Foley, Rensselaer Center for Open Source
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
The increased use of encryption in network traffic presents a significant challenge for traditional network monitoring and security tools. As encrypting traffic becomes the norm, so does the need for advanced methods to detect malicious activities hidden within encrypted traffic. This poster will focus on how eBPF can be utilized to gain early observability into incoming packets by capturing and analyzing metadata before packets are fully processed, and how eBPF offers a unique vantage point for identifying anomalies in real-time. It will discuss methods to detect abnormal patterns, the design of the eBPF programs used, and the integration of these programs into a broader monitoring framework. The insights from this research have the potential to significantly enhance network security by providing a scalable and efficient solution for monitoring network traffic without compromising privacy. Attendees will gain an understanding of the practical applications of eBPF in network security.
Speakers
avatar for Ben Smith-Foley

Ben Smith-Foley

University Student, Rensselaer Center for Open Source
Ben is a senior at Rensselaer Polytechnic Institute studying Computer Science with a concentration in Systems and Software. He is currently conducting undergraduate research in "Anomaly Detection in High-Volume Encrypted Network Traffic", helps lead the Rensselaer Center for Open... Read More →
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
  🪧 Poster Sessions, Security
  • Content Experience Level Any

6:00pm MST

🪧 Poster Session: What's Happening with SPIFFE and WIMSE? - Daniel Feldman, Qusaic
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
This session will be a very brief overview of what's going on with the SPIFFE and WIMSE identity standards projects. SPIFFE is a CNCF effort to standardize workload identity implementations. That is, a SPIFFE implementation can grant services unique identities and credentials. WIMSE is an IETF effort to build on the SPIFFE foundation. In particular, it adds a new, unique token format that allows securely recording multi-hop identity information. Implementors will be able to use this token format to build complete, end-to-end, cryptographically auditable identity records.
Speakers
avatar for Daniel Feldman

Daniel Feldman

Founder, Qusaic
Daniel Feldman has worked with many companies, large and small, to deploy SPIFFE and SPIRE zero-trust identity.
Wednesday November 13, 2024 6:00pm - 8:00pm MST
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
  🪧 Poster Sessions, Security
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Monday, November 11
Tuesday, November 12
Wednesday, November 13
Thursday, November 14
Friday, November 15
200 South Entrance (South)
Carson Kitchen
Hilton Salt Lake City Center
Hilton Salt Lake City Center - Canyon Conference Room
Hyatt Regency | Level 2 | Salt Lake Ballroom A
Hyatt Regency | Level 2 | Salt Lake Ballroom B
Hyatt Regency | Level 2 | Salt Lake Ballroom CDE
Hyatt Regency | Level 4 | Regency Ballroom A
Hyatt Regency | Level 4 | Regency Ballroom BCD
Le Meridien Salt Lake City Downtown
Salt Palace | Level 1 | 151
Salt Palace | Level 1 | 155 BC
Salt Palace | Level 1 | 155 EF
Salt Palace | Level 1 | Grand Ballroom ACE
Salt Palace | Level 1 | Grand Ballroom BDF
Salt Palace | Level 1 | Grand Ballroom GI
Salt Palace | Level 1 | Grand Ballroom HJ
Salt Palace | Level 1 | Hall DE
Salt Palace | Level 1 | Halls A-C + 1-5 | Solutions Showcase
Salt Palace | Level 2 | 250
Salt Palace | Level 2 | 250 A-C
Salt Palace | Level 2 | 250 D-F
Salt Palace | Level 2 | 251
Salt Palace | Level 2 | 251 A-F and 254 A-C
Salt Palace | Level 2 | 255 A
Salt Palace | Level 2 | 255 BC
Salt Palace | Level 2 | 255 EF
Salt Palace | Level 3 | 355 A
Salt Palace | Level 3 | 355 D
Salt Palace | Level 3 | 355 EF
Salt Palace | Level 3| 355 BC
Squatters Pub Brewery
TBA
The Little America Hotel
West Temple Entrance (East)
  • 🚨 Contribfest
  • 🪧 Poster Sessions
  • AI + ML
  • Breaks
  • ⚡ Lightning Talks
  • Cloud Native Experience
  • Cloud Native Novice
  • CNCF-hosted Co-located Events
  • Connectivity
  • Data Processing + Storage
  • Emerging + Advanced
  • Experiences
  • Keynote Sessions
  • Maintainer Track
  • Observability
  • Operations + Performance
  • Platform Engineering
  • Project Opportunties
  • Registration
  • SDLC
  • Security
  • Solutions Showcase
  • Sponsor-hosted Co-located Event
  • Tutorials
  • Content Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate