All Roads Lead to GKE's Host: 4+ Ways to Escape

Four distinct escape paths from Google Kubernetes Engine pods to the underlying host — a study in how container isolation assumptions break down.

DEF CON 30

Talk delivered at DEF CON 30 (Las Vegas, August 2022). The research catalogues four independent escape paths from Google Kubernetes Engine (GKE) pods to the host node, covering privilege escalation through misconfigured admission controllers, kernel vulnerabilities, and GKE-specific attack surfaces. The findings were responsibly disclosed to Google.

Slides (GitHub) · Official DEF CON mirror