Hunting compromised software dependencies inside Kubernetes workloads

This practical, hands-on session covers Kubernetes incident response. Moving beyond theory, it uses a live workshop to hunt threats in real time.

The workflow:
• A container intentionally "poisoned" with dummy dependencies will be launched into a Kubernetes workload.
• The pod will contain several high and critical vulnerabilities.
• The session will pivot to detection by scanning malicious dependencies against the OpenSSF Malicious Packages API.
• Data sources such as CVSS and EPSS, along with information from CISA's KEV index and Exploit Database, will be used to identify examples of weaponized scripts actively targeting the environment.

Participants will learn to programmatically unmask hidden malicious packages inside a cluster. This is essential for platform engineering teams looking to develop secure workflows.