Trainer Name: Madhu Akula

Title: Hacking and Securing Kubernetes Clusters

Duration: 3 Days

Dates: Sept. 6, 2022 To Sept. 8, 2022

Training Objectives

Containers and Kubernetes are everywhere. The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.

In this training, we will see both sides (offensive & defensive) of the coin by learning tactics, techniques, and procedures (TTP). We will start with understanding architecture and its attack surface. Then we will dive into each layer of security starting from the supply chain, infrastructure, runtime, and many others.

From an attacker's perspective participants can assess and attack Kubernetes Cluster environments to gain access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments. Also, we will be using the offensive knowledge to build and design secure cluster environments using secure defaults, RBAC, NSP, Policy Engines, and many other built-in and open source components.

Training level: Intermediate; Advanced

Training Outline

  • Introduction to Kubernetes
  • Kubernetes 101 - Fasttrack Edition
  • Exploring the cluster with `kubectl`
  • Architecture Overview and Attack Surface
  • Threat modeling cluster components and their services
  • Exploiting Kubernetes security misconfiguration and insecure defaults
  • Bypassing namespaces and accessing unauthorized microservices
  • Escaping out of the container to host systems and lateral movement to nodes
  • Escalating privileges to gain access to compromise the private registry
  • Exploring the Kubernetes Cluster using Hacker Container
  • Gaining access to sensitive data, logs, and resources
  • Pwning the cluster by escaping the RBAC privileges
  • Review Kubernetes cluster with Docker and Kubernetes CIS benchmarks
  • Auditing and evaluating the Kubernetes cluster security maturity using open source utilities and resources
  • Securing the possible cluster components and configurations
  • Security guard rails at different layers (Development, CI/CD, Runtime, Continous)
  • Implementing NSP (network security policies) and monitoring using eBPF
  • Defense in depth by creating least privileged RBAC roles
  • Building supply chain security validations using SBOM (Software Bill of Materials)
  • Policy Engines at different layers for evaluation, monitoring, and violations
  • Introduction to Microservices security elements of API Gateway, Service Mesh
  • Logging and Monitoring for continuous security visibility
  • Resources, References, and Further learning

What to Bring?

  • Laptop with a modern browser and access to wireless internet connectivity

Training Prerequisites

  • Fundamental knowledge of Linux, CLI, Servers, and their configuration
  • Basic knowledge of using Docker containers
  • Familiarity with cluster environments like Kubernetes would be useful (we will cover the FastTrack version in our training)

Who Should Attend?

  • Security Engineers, Penetration Testers, and Security Architects
  • Red & Blue Teams, who wish to see both offensive and defensive side
  • Cloud, SRE, DevOps, and DevSecOps teams
  • Anyone interested in learning more about Kubernetes Security

What Attendees will get?

  • A trainer will provide each student with their own Kubernetes Cluster environment in the cloud environment for the training days
  • Step by Step Digital Guide book for the entire training
  • Resources and references for further your learning about Kubernetes Security

What to Expect?

  • Completely hands-on driven training (except where concepts are introduced)
  • Step by step detailed learning guide for the entire training
  • Lots of real-world experience, examples, knowledge, and scenarios

What not to Expect?

  • Already mentioned prerequisites topics like Docker, Containers, System Administration

About the Trainer

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud-Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud-Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), OSCP (Offensive Security Certified Professional), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26,27 & 29), BlackHat USA (2018, 19 & 21), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19, 21), SACON, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVEs, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.