Last week, I had the privilege of speaking at Security BSides Northern Virginia (BSidesNoVA) —
an event that perfectly represents what I love about the cybersecurity community: curiosity, openness, and
the drive to make complex topics accessible.
🔐 “I Own Your Cluster” – Taking Over AWS EKS with a Chain Attack
In my talk, “I Own Your Cluster – Taking Over AWS EKS with a Chain Attack,” I presented research
revealing how attackers can chain together cloud-native weaknesses to compromise AWS EKS clusters.
These flaws, which exist by default in many environments, break the pod isolation
mechanism found in standard open-source Kubernetes, exposing thousands of clusters through
misconfigured roles and metadata access paths.
This attack leverages previously unknown vulnerabilities I discovered in the way AWS EKS handles
role permissions, pod isolation, and instance metadata,
allowing attackers with limited access to escalate privileges and gain full control of Kubernetes nodes and clusters.
It’s a vivid reminder that convenience and scalability must never come at the expense of
security by design.
If you’re interested in the full technical breakdown and proof-of-concept, it’s available here on my website.
🧑‍💻 The Energy of BSidesNoVA
BSides events always have a special energy, a mix of technical collaboration and genuine passion for security.
This year’s Northern Virginia, USA edition was no exception: packed rooms, great talks, live demos, and
the kind of hallway conversations that often spark the next big idea.
One of my favorite moments was meeting John Hammond, who delivered an inspiring keynote that perfectly
captured the essence of this community – creativity and knowledge-sharing.
Getting the chance to chat with him afterward was a highlight of the conference.
John’s passion for teaching and community growth is truly motivating, and his impact on cybersecurity education can’t be overstated.
🎭 A Surreal Moment: 10 Years of Mr. Robot
Outside the conference, I had a once-in-a-lifetime experience attending the 10-Year Anniversary of Mr. Robot –
the award-winning series that redefined how hacking and hackers are portrayed.
For many of us in the cybersecurity world, Mr. Robot wasn’t just entertainment – it was recognition.
It showed the human side of hacking: the curiosity, loneliness, idealism, and moral struggle that come with focusing on one life domain too deeply.
The show managed to do what no other could: to blend technical accuracy with emotional storytelling,
using real tools, real commands, and a realistic mindset.
During the event, a few people from the crowd were invited on stage, and I happened to be one of them.
Standing there, surrounded by others who had been equally shaped by the show, felt surreal.
And then came the highlight, seeing and thanking Rami Malek in person.
His portrayal of Elliot Alderson remains one of the most authentic and powerful performances in modern television.
He made the hacker experience human, fragile, and real.
It’s no surprise that his career soared afterward, earning him an Oscar for Bohemian Rhapsody
and recognition as one of the most talented actors of his generation.
🙏 Gratitude and Takeaways
This trip was about more than giving a talk – it was about connection.
Connection to people, to ideas, and to the inspiration that got many of us into cybersecurity in the first place.
A huge thanks to all the attendees, organizers, and volunteers who made BSidesNoVA such an inspiring experience,
and a special thanks to my friends Matan Ofri and Ortal Golzar, who traveled all the way to support me.
You made it unforgettable.
From presenting new vulnerabilities on stage to standing where Mr. Robot once inspired a generation.
