From Build to Breach: Hacking Kubernetes Through the Supply Chain

About This Session

The next generation of Kubernetes breaches won’t start in your cluster — they’ll start in your build pipeline. In this session, we’ll follow a realistic attack chain that begins with a compromised dependency and ends with a live DNS-based exfiltration inside a Kubernetes cluster. Step by step, through live demos, we’ll see how a single poisoned package can slip through CI/CD, sneak into an image registry, and quietly abuse CoreDNS to leak secrets. Then we’ll flip the script and show how to stop it using open-source, CNCF-hosted tools like Kyverno, Sigstore, and Falco. You’ll leave with a clear mental model of how supply-chain weaknesses evolve into cluster compromises — and a practical checklist of defenses you can apply today.

Speaker

Ali Alp

Distinguished Software Architect · Brainlab

Distinguished Software Architect at Brainlab

Read bio

I am a seasoned Distinguished Software Engineer and Software Architect with over 15 years of experience in IT solutions, spanning both on-premise infrastructures and advanced cloud environments. My passion lies in containerization, virtualization, Kubernetes, and software architecture, and I have been deeply involved in driving cloud transformation projects. As a strong advocate for Linux, I bring extensive knowledge of IT systems, specializing in deploying containerization tools and Kubernetes to improve operational efficiency and scalability. My work focuses on designing resilient, cutting-edge systems that stay ahead of the technological curve.