2026-05-28 –, Main Stage
This session moves beyond initial cluster access to explore a highly stealthy persistence vector: the weaponization of Mutating Admission Controllers. While typically used for security policy enforcement, these controllers can be subverted to inject malicious sidecars or modify pod specs in real time without altering original deployment manifests. We will demonstrate how an attacker can maintain a "ghost" presence that survives standard audits, image updates, and pod restarts, effectively turning the Kubernetes control plane against itself.
We will perform a live-style technical deep dive into the architecture of a Mutating Admission Webhook attack. The session starts by compromising a cluster and installing a rogue controller that intercepts every CREATE and UPDATE request. We will walk through the logic of injecting a stealthy C2 sidecar that uses the cluster's internal service mesh to hide its traffic. Finally, we will transition to defense, showing how to implement Validated Infrastructure using OPA/Kyverno to ensure only authorized mutations occur, effectively "rebooting" the security posture of the cluster.
What the audience will gain:
Technical Exploit Knowledge: A step-by-step understanding of how admission controllers can be manipulated for persistence.
Detection Strategies: Actionable methods to identify non-standard mutations in high-traffic production environments.
Defense Blueprints: Practical configuration examples for OPA and Kyverno to prevent unauthorized pod mutations.
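As a detection-side illustration of the point that mutations never show up in the deployment manifest, the following added example (not material from the session or its speakers) compares a workload's declared pod template with the pod the API server actually stored and reports containers that admission added or re-imaged. The sample objects, registry names, and the allowlist of sanctioned injected containers are constructed assumptions.

```python
import json

# Constructed sample data: a Deployment's pod template and the live Pod the
# API server stored after admission. All names and images are made up.
TEMPLATE = json.loads("""{"spec": {"containers": [
  {"name": "web", "image": "registry.example/web:1.4.2"}]}}""")
LIVE_POD = json.loads("""{"metadata": {"name": "web-7c9d-abcde"},
 "spec": {"initContainers": [
  {"name": "istio-init", "image": "registry.example/proxyv2:1.22"}],
 "containers": [
  {"name": "web", "image": "registry.example/web:1.4.2"},
  {"name": "istio-proxy", "image": "registry.example/proxyv2:1.22"},
  {"name": "metrics-helper", "image": "registry.example/unknown:latest"}]}}""")

# Assumption: containers a sanctioned injector may add, each pinned to the
# image prefix it is expected to use (a name match alone is not trusted).
ALLOWED_INJECTED = {
    "istio-proxy": "registry.example/proxyv2:",
    "istio-init": "registry.example/proxyv2:",
}

def _containers(spec):
    """Map container name -> image across regular and init containers."""
    out = {}
    for key in ("containers", "initContainers"):
        for c in spec.get(key) or []:
            out[c["name"]] = c.get("image", "")
    return out

def mutation_drift(template, pod, allowed=ALLOWED_INJECTED):
    """Return (kind, name, image) for containers admission added or re-imaged."""
    declared = _containers(template["spec"])
    running = _containers(pod["spec"])
    findings = []
    for name, image in sorted(running.items()):
        if name not in declared:
            prefix = allowed.get(name)
            if prefix is None or not image.startswith(prefix):
                findings.append(("added", name, image))
        elif declared[name] != image:
            findings.append(("image-changed", name, image))
    return findings

if __name__ == "__main__":
    for kind, name, image in mutation_drift(TEMPLATE, LIVE_POD):
        print(f"{LIVE_POD['metadata']['name']}: {kind} container {name} ({image})")
```

In practice the two inputs would come from the owning workload's `spec.template` and the pod object returned by the API server, and every finding should be traced back to a known webhook configuration.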
Nikita Verma is a Platform Engineer and Cloud Native Advocate with over three years of experience building resilient, automated infrastructure. A dedicated open-source contributor, Nikita has worked on core Kubernetes projects and cloud-native automation, including impactful work with Moja Global during an Outreachy internship.
Beyond engineering, Nikita is a passionate educator who has mentored over 10,000 students in Data Structures, Algorithms, and Cloud Native technologies. As an active member of the global tech community, she has shared her expertise at major conferences across the globe, including KubeCon + CloudNativeCon North America 2025 in Atlanta, ContainerDays London, and SeleniumConf Valencia.
With a background that bridges technical engineering and product strategy, Harshita has a unique perspective on scaling complex systems while maintaining a high bar for quality and security. She was awarded the Dan Kohn Scholarship to attend KubeCon EU 2023 and recently co-presented the session "From Noise to Clarity: Humanizing Observability" at KubeCon + CloudNativeCon North America 2025 in Atlanta.
Harshita is an active international speaker, with upcoming engagements at ContainerDays London 2026. Traveling from India, she is passionate about fostering a "Security-First" culture within DevOps teams and advocating for more inclusive, sustainable open-source communities.