Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146233
![Splunk [Enterprise Security] 2019 .conf Videos w/ Slides](https://podcast-api-images.s3.amazonaws.com/corona/show/926921/logo_300x300.png){kind=logo}
View all episodes
