About the Speaker
Talk Abstract
In Zero Trust environments, machine identity is as critical as human identity. SPIFFE and SPIRE have emerged as the standard for workload authentication across Kubernetes and cloud-native systems. But what happens when those trust assumptions meet real-world attacker conditions?
This session reveals how attackers can bend SPIFFE’s identity model without “breaking” it. We’ll explore techniques such as selector spoofing and overlapping identity definitions, all of which allow an adversary to impersonate workloads and pivot across a cluster. Using a custom open-source tool, Spooffe, we’ll demonstrate how a privileged container or host-level foothold can harvest SVIDs and keys, enabling lateral movement and identity hijacking.
Attendees will leave with a deep understanding of SPIFFE’s trust boundaries, attacker playbooks, and practical defenses to harden SPIRE deployments against identity abuse in the wild.
Speaker Bio
Eviatar Gerzi is a Principal Security Researcher at CyberArk Labs, where he specializes in discovering emerging attack techniques and translating them into practical security insights. His work focuses on identity security (both machine and user identity), as well as DevOps and infrastructure-level threats. He has presented at leading conferences such as RSA, TyphoonCon, BlackHat and Insomni'hack, and has released several open-source tools for offensive and defensive research. Prior to CyberArk, Eviatar focused on Windows internals and malware reverse engineering.