Hacking and Securing Kubernetes Clusters | Nullcon Berlin 2022

Trainer Name: Madhu Akula

Title: Hacking and Securing Kubernetes Clusters

Dates: April 5, 2022 To April 7, 2022

Time: 9 a.m. To 5:30 p.m. CEST

Venue: NH Hotel, Alexanderplatz, Berlin-Germany




Note: Regarding COVID-19 safety, Nullcon will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Nullcon will follow all applicable health regulations required by the local and government authorities.

Training Objective

Containers and Kubernetes are everywhere. We can see the use of Kubernetes in production increased exponentially. Still, most of the security teams struggle to understand these modern technologies.

In this training, we will see both sides (offensive & defensive) of the coin by learning tactics, techniques, and procedures (TTPs). We will start with understanding architecture and its attack surface. Then we will dive into each layer of security starting from the supply chain, infrastructure, runtime, and many others.

From an attacker's perspective participants are able to assess and attack Kubernetes Cluster environments to gain access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments. Also, we will be using the offensive knowledge to build and design secure cluster environments using secure defaults, RBAC, NSP, PSP(deprecating so we may see using OPA), and many other built-in and open-source components.

Training level: Intermediate

Training outline

  • Introduction to Kubernetes
  • Kubernetes 101 - Fasttrack Edition
  • Exploring the cluster with kubectl
  • Architecture and Attack Surface
  • Threat modeling cluster components and services
  • Exploiting Kubernetes security misconfiguration and insecure defaults
  • Escaping out of the container to host systems and nodes
  • Bypassing NSP and gaining unauthorized access to other microservices
  • Lateral movement from container to node and then complete cluster access
  • Escalating from ServiceAccount to more RBAC privileges (No least privileges)
  • Escalating privileges to gain access to the private registry
  • Exploring the Kubernetes Cluster using Hacker Container
  • Gaining access to sensitive data, logs, and resources
  • Persisting in the clusters using Sidecar/Cronjob/DaemonSets
  • Defense evasion techniques for Kubernetes Cluster environments
  • Review Kubernetes cluster with Docker and Kubernetes CIS benchmarks
  • Auditing and evaluating the Kubernetes cluster security maturity using opensource utilities and resources
  • Securing the possible cluster components and configurations
  • Implementing security guard rails at different layers (Development, CI/CD, Runtime, Continous)
  • Implementing NSP (network security policies)
  • Creating least privileged roles and understanding RBAC
  • OPA (Open Policy Agent) to evaluate and monitor for policy violations
  • Logging and Monitoring for continuous security visibility
  • Resources, References, and Further learning

What to bring

  • Laptop with a modern browser and access to wireless internet connectivity
  • Trainer will provide each student their own Kubernetes Cluster environment in the cloud environment

Training prerequisites

  • Fundamental knowledge of Linux, CLI, Servers, and its configuration
  • Basic knowledge of using Docker containers
  • Familiarity with cluster environments like Kubernetes would be useful (we will cover the FastTrack version in our training)

Who should attend?

  • Security Engineers, Penetration Testers, and Security Architects
  • Red & Blue Teams, who wish to see both offensive and defensive side
  • Cloud, SRE, DevOps, and DevSecOps teams
  • Anyone interested in learning more about Kubernetes Security

What to expect?

  • Completely hands-on driven training (except where concepts introduced)
  • Step by step detailed learning guide for the entire training
  • Lot of real-world experience, examples, knowledge, and scenarios
  • Resources and references for further your learning about Kubernetes Security

What attendees will get

  • Custom built Kubernetes Cluster environment (everyone gets their own)
  • Step by Step Digital Guide book for the entire training
  • Private Slack Channel for next 30 days for any questions & discussions
  • Kubectl cheatsheet, Checklist of tools, and other resources

About the Trainer

Madhu Akula is the creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also publishedauthor and Cloud Native security researcher with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Nativecommunities (null, DevSecOps, AllDayDevOps, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified KubernetesAdministrator), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 19),USENIX LISA (2018 & 19), O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19 & 20), DevSecCon (London,Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19), SACON 2019, Serverless Summit, null and multiple others

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe,etc, and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which islisted as a technical resource by Red Hat Ansible. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+engineering teams.