Kubernetes is a powerful set of abstractions, but it's flexibility and configurability means it's pretty insecure by default. In this hands on talk, I'll show how an attacker can expand the blast radius of an exploit from a vulnerable web application in a container to owning the entire cluster. I'll also cover some ways in which you can prevent this happening to you !