"I Own Your Cluster" – Taking Over AWS EKS with a Chain Attack
In my talk, "I Own Your Cluster – Taking Over AWS EKS with a Chain Attack," I presented research revealing how attackers can chain together cloud-native weaknesses to compromise AWS EKS clusters. These flaws, which exist by default in many environments, break the pod isolation mechanism found in standard open-source Kubernetes, exposing thousands of clusters through misconfigured roles and metadata access paths. This attack leverages previously unknown vulnerabilities I discovered in the way AWS EKS handles role permissions, pod isolation, and instance metadata, allowing attackers with limited access to escalate privileges and gain full control of Kubernetes nodes and clusters. It's a vivid reminder that convenience and scalability must never come at the expense of security by design. If you're interested in the full technical breakdown and proof-of-concept, it's available here on my website.
The Energy of BSidesNoVA
BSides events always have a special energy, a mix of technical collaboration and genuine passion for security.
This year's Northern Virginia, USA edition was no exception: packed rooms, great talks, live demos, and
the kind of hallway conversations that often spark the next big idea.
One of my favorite moments was meeting John Hammond, who delivered an inspiring keynote that perfectly
captured the essence of this community – creativity and knowledge-sharing.
Getting the chance to chat with him afterward was a highlight of the conference.
John's passion for teaching and community growth is truly motivating, and his impact on cybersecurity education can't be overstated.
A Surreal Moment: 10 Years of Mr. Robot
Outside the conference, I had a once-in-a-lifetime experience attending the 10-Year Anniversary of Mr. Robot –
the award-winning series that redefined how hacking and hackers are portrayed.
For many of us in the cybersecurity world, Mr. Robot wasn't just entertainment – it was recognition.
It showed the human side of hacking: the curiosity, loneliness, idealism, and moral struggle that come with focusing too deeply on one life domain.
The show managed to do what no other could: to blend technical accuracy with emotional storytelling,
using real tools, real commands, and a realistic mindset.
During the event, a few people from the crowd were invited on stage, and I happened to be one of them.
Standing there, surrounded by others who had been equally shaped by the show, felt surreal.
And then came the highlight, seeing and thanking Rami Malek in person.
His portrayal of Elliot Alderson remains one of the most authentic and powerful performances in modern television.
He made the hacker experience human, fragile, and real.
It's no surprise that his career soared afterward, earning him an Oscar for Bohemian Rhapsody
and recognition as one of the most talented actors of his generation.


Gratitude and Takeaways
This trip was about more than giving a talk – it was about connection. Connection to people, to ideas, and to the inspiration that got many of us into cybersecurity in the first place. A huge thanks to all the attendees, organizers, and volunteers who made BSidesNoVA such an inspiring experience, and a special thanks to my friends Matan Ofri and Ortal Golzar, who traveled all the way to support me. You made it unforgettable. From presenting new vulnerabilities on stage to standing where Mr. Robot once inspired a generation.
