When YAML Fights Back: My Runtime Security Talk at BSides


I gave a talk at BSides Las Vegas where we blocked a live threat right in the middle of a reverse shell attempt. With defense in depth of all things. Well, not live, but there were screencaps!
The talk focused on preventing attacks in Kubernetes using policy-as-code tools like Kyverno and KubeArmor. No “AI for runtime.” Just a vulnerable Flask app, an RCE payload, and enforcement policies that shut it down cold.
Here’s a quick look back at the process and experience of the talk. This is less about the content that you can grab here. Ignore the excess commits to fix Markdown and other issues in the README.
btw you can see it right at the beginning here
What the talk covered
The core idea was simple: show how insecure Kubernetes workloads can be blocked before they ever run, and how any bad behavior that still slips through can be squashed at runtime. All of this was done with open source tools anyone can try.
The scenario started with a deliberately vulnerable Flask app (very contrived, but I think interesting nonetheless), running in a misconfigured pod with:
- The root user inside the container
- A NodePort service exposed
- And a neat little OS command injection bug
From there, I walked through a simulated attack chain: Attacker hits the exposed app ➝ gains shell access ➝ attempts the usual container hackery.
But then we stopped it at two key stages:
- At admission: Kyverno blocked the insecure pod from even deploying if it ran as root. No, you don't...
- At runtime: KubeArmor enforced syscall-level restrictions via LSMs.
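As an added example (not the policies from the talk's repo), here is what those two enforcement layers look like as policy-as-code: a Kyverno ClusterPolicy that rejects any Pod not declaring runAsNonRoot, and a KubeArmorPolicy that blocks shell binaries from executing inside the demo app's pods. The namespace and the `app: flask-demo` label are assumptions; match them to your own manifests.

```yaml
# Admission stage: Kyverno refuses to admit a Pod that could run as root.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-run-as-nonroot
spec:
  validationFailureAction: Enforce   # reject, don't just audit
  background: true
  rules:
    - name: run-as-non-root
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Running as root is not allowed. Set runAsNonRoot to true."
        anyPattern:
          # Either the pod-level securityContext sets runAsNonRoot
          # (and any container-level override must agree)...
          - spec:
              securityContext:
                runAsNonRoot: "true"
              containers:
                - =(securityContext):
                    =(runAsNonRoot): "true"
          # ...or every container sets it explicitly.
          - spec:
              containers:
                - securityContext:
                    runAsNonRoot: "true"
---
# Runtime stage: KubeArmor (via the node's LSM) blocks shell execution
# in the vulnerable app's pods, so a command injection has nothing to spawn.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: block-shell-in-flask-app
  namespace: default            # assumed namespace of the demo app
spec:
  selector:
    matchLabels:
      app: flask-demo           # assumed label on the demo app's pods
  process:
    matchPaths:
      - path: /bin/sh
      - path: /bin/bash
      - path: /bin/dash
  action: Block                 # Audit first if you want to see what the app legitimately execs
```

Apply both with `kubectl apply -f`, then try to deploy the original root-running pod: Kyverno rejects it, and a patched non-root pod still cannot exec a shell, which KubeArmor logs as a blocked event.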
This wasn’t abstract. The talk was built around a live lab, with policies, manifests, and attack steps running in a real cluster. Don't judge the actual apps and manifests too harshly.
The Prep
The prep took a hella long time, probably because I completely overthought it. Going through the CFP was actually lightning quick; I had it done in a few days. I submitted it with little expectation of being selected, but on a Friday I found out I was. Felt good for a bit, until I realized I actually had to flesh out a talk and slides.
It was through BSides Proving Grounds, which provided me an opportunity to have a mentor. Jimmy Shah was totally awesome and encouraging. He never told me what to do, but rather helped me when I was a bit off.
Sequence of Events:
- Developed and submitted CFP in May
- Finished slides (mostly) in June
- Spent ages rehearsing and revising
- The day before BSides I did a dry run with a few folks and got great feedback on the last day (literally)
No gambling the night before, just beer, of course.
The Live Experience
This was the first time I delivered a self-crafted talk in a room of at least 30. I had spent days circulating the talk in my head. Trust me, I could hardly keep it from entering my dreams.
I spent quite a bit of time on this and went back and forth on a lot of things. But I think I came to something that worked at the end.
A few things stood out:
- You lose the nerves once you start talking. For the entire 25+ minutes (yes, I probably ran long) I felt fine, despite the occasional stumble and repetition.
- I felt good because I believe the content is good and I did something right in my wheelhouse.
- The crowd didn't know Kubernetes the way the folks at KubeCon do, but I think my anchoring made it make sense (I got this feedback from a few K8s amateurs).
- It wasn't a cool talk, like those with awesome ways to make iPhones cool again, but I think it was just enough.
The End
Once it was done, like the second after, I felt a huge relief. I won't watch it for a little while just to make sure I don't judge my cringy talk too harshly. Later I got to meet some really cool people and became known as the Kubemaster (definitely need a less praiseworthy handle). It was a great experience and I would encourage anyone who has not done something like this to give it a shot. Anyone reading this probably has better ideas. If anyone has made it this far, I hope to have the chance to do it again, but that will require some original thoughts. Back at you Red Bull Racing.
Written by Matt Brown
Working as a solutions architect while going deep on Kubernetes security — prevention-first thinking, open source tooling, and a daily rabbit hole of hands-on learning. I make the mistakes, then figure out how to fix them (eventually).