In this session we will take a deep dive into Kubernetes lateral movements. We will elaborate about the different identity types used by Kubernetes and how attackers use those identities to escalate their privileges in the cluster and move laterally to external cloud resources. We will explain the various cluster-to-cloud authentication methods in the various cloud providers (AKS, EKS and GKE) and the risks that each one poses. We will show real-world examples of misconfigurations that led to cluster takeovers and explain how they could be prevented.