Name: The CSI Hijack: Default Kubernetes Storage Drivers Exploitation
Start: 2026-04-23T14:25:00+0200
End: 2026-04-23T15:10:00+0200

It is an annual, community-driven information security conference held in Prague. The event provides a platform for cybersecurity professionals, enthusiasts, and researchers to share knowledge, exchange ideas, and discuss the latest trends in the field. It’s a unique opportunity to connect with like-minded individuals, expand professional networks, and stay informed about the ever-evolving cybersecurity landscape.
More info at www.bsidesprg.cz

The CSI Hijack: Default Kubernetes Storage Drivers Exploitation

Thursday April 23, 2026 14:25 - 15:10 CEST

Lucerna Cinema - MAIN

We demonstrate multiple new 0days and insecure defaults in EKS/EKS Auto - AWS kubernetes enabling escalation from Kubernetes access to full AWS account data-plane control + 0day and similar CSI/IAM flaws in AKS and GKE enabling admin-level escalation. We also show control-plane ransomware via CSI.

Speakers

Shaul Ben Hai

Idan Nagar

Karan Bamal

Senior Security Researcher, Offensive Research Team, SentinelOne

Senior Security Researcher @ SentinelOne (Offensive Research Team). Previously @ PingSafe, acquired by SentinelOne for $120M+.

I work on 0-day discovery, EDR/XDR internals, cloud-native attacks (Kubernetes, Azure, AWS), and AI-driven detection research. All hats offensive.

Certs - ... Read More →

Thursday April 23, 2026 14:25 - 15:10 CEST
Lucerna Cinema - MAIN Vodičkova 704 /36/110 00, 110 00 Nové Město

talk

Attendees (61)

View All →

Security BSides Prague 2026

Shaul Ben Hai

Idan Nagar

Karan Bamal

Attendees (61)

Get help with the event

Security BSides Prague 2026

Shaul Ben Hai

Idan Nagar

Karan Bamal

Attendees (61)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Get help with the event