Identity Impersonation in SPIFFE/SPIRE
Course
CyberArk's Eviatar Gerzi explores how attackers exploit SPIFFE/SPIRE trust assumptions to impersonate workloads and move laterally in Kubernetes environments, along with key defenses for zero trust systems.
In zero trust environments, machine identity is as critical as human identity. While SPIFFE and SPIRE are widely used for workload authentication in Kubernetes and cloud-native systems, their trust assumptions can be exploited in real-world conditions.
This session explores how attackers manipulate identity models - without breaking them - through techniques like selector spoofing, overlapping identities, and SVID/key extraction. Using the open-source tool Spooffe, Eviatar Gerzi, principal security researcher at CyberArk, will demonstrate how adversaries with privileged access can impersonate workloads and move laterally across clusters.
In this session, you will learn:
- Exploiting SPIFFE trust assumptions through selector spoofing and identity overlap;
- Leveraging privileged access to harvest SVIDs and enable lateral movement;
- Strengthening SPIRE deployments to defend against workload identity attacks.
Here is the course outline:
The Machine With Many Faces: Identity Impersonation in SPIFFE/SPIRE
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate
