About The Training
Blocking the Storm: A Hands-On Guide to Hardening and Securing Kubernetes Clusters
Start Date: Feb 26, 2025
End Date: Feb 28, 2025
Venue: TBA
In this training, we will observe attack patterns and offensive tactics in the Kubernetes ecosystem. As we learn from these insights, our focus will shift to building defenses, hardening, and implementing security best practices across the layers of a Kubernetes cluster. We'll leverage a variety of open-source tools and apply battle-tested methods to secure and safeguard cluster environments. Additionally, we'll use real-world attacks to validate our security measures, demonstrating how our guardrails can detect and prevent them. This is a hands-on training that focuses on hardening and constructing security guardrails at multiple layers of Kubernetes, including native RBAC policies, Network Security Policies (NSP), audit logging, and advanced tools like Kyverno, OPA, and eBPF utilities such as Tetragon.
Intermediate - Advanced
- Kubernetes 101: Fast-Track Introduction
- Introduction to Kubernetes Security Posture Management
- Understanding the Threat Landscape in Kubernetes Environments
- Leveraging MITRE ATT&CK Matrix and D3FEND for Kubernetes
- Threat Modeling Kubernetes and Its Core Components
- Offensive Tactics in Kubernetes: Real-World Attack Scenarios
- Analyzing Attack Patterns and Vulnerabilities in Common Kubernetes Setups
- Layered Security Model for Kubernetes: A Comprehensive Approach
- Implementing Defense-in-Depth with Kubernetes Native Security Mechanisms (RBAC, NSP, etc.)
- Establishing Security Guardrails: Automation and Policy Enforcement
- Policy Enforcement with Open Policy Agent (OPA) and Kyverno
- Enhancing Supply Chain Security with the SLSA Framework
- Infrastructure Hardening and Scanning Using Infrastructure-as-Code (IaC) Tools
- Continuous Improvement through Audit Logging and Monitoring
- Runtime Security and Detection Engineering with eBPF-Powered Tetragon
- Validating Security: Testing and Strengthening Defenses
- Conducting Compliance Audits and Security Benchmarking with CIS Benchmarks and Open-Source Tools (Kubescape, KICS, Checkov, etc.)
- Further Learning: Resources and References
- Laptop with a modern browser, and wireless internet connectivity
- Able to use Linux CLI
- Basic understanding of Containers, Kubernetes
- Security Experience would be a plus
- Blue Teams, Defenders, and Security Engineers
- DevOps, Cloud, SRE, and Platform Teams
- Security and Solutions Architects, Kubernetes Administrators
- Anyone Interested in Learning Defensive Strategies for Kubernetes and Containerized Environments
- Hands-on Expertise in Kubernetes Defense: Students will gain practical, real-world experience in securing Kubernetes environments by implementing hardening techniques, conducting blue team exercises, and performing security assessments to reinforce defense mechanisms against common attacks in containerized environments.
- Advanced Defense Techniques and Vulnerability Mitigation: The course will teach students how to go beyond basic defenses by using defense-in-depth strategies, mitigating complex attack chains, and addressing security risks such as privilege escalation, lateral movement, persistence, and defense evasion through Kubernetes-native tools and configurations.
- Comprehensive Defensive Learning Resources: Participants will receive a complete digital guidebook, hands-on labs, and additional resources designed to strengthen their understanding of defensive strategies and enable continued security improvement and study beyond the course.
- Dedicated Kubernetes Cluster Environment: Each participant receives a custom-built Kubernetes cluster to work with throughout the training.
- Lifetime Access to Lab Files and Setup: Participants will have all lab files and instructions to reproduce the training environment in their own setup, with lifetime access.
- Comprehensive Step-by-Step Digital Guidebook: A detailed guidebook covering the entire training will be provided for easy reference.
- 30-Day Access to Private Slack Channel: Participants can join a private Slack channel for 30 days to ask questions and engage in discussions.
- Kubectl Cheatsheet, Tool Checklist, and Additional Resources: Participants will receive a handy kubectl cheatsheet, a checklist of essential tools, and other valuable resources.
Basics and topics already listed as prerequisites, since this course requires an understanding of the Linux CLI and Kubernetes.
Madhu Akula is a pragmatic security leader specializing in product security and cloud-native security. I have created several open-source projects, including Kubernetes Goat, Hacker Container, and tldr.run. I am a frequent speaker and trainer at prestigious events and conferences such as DEFCON, Black Hat, SANS, USENIX, OWASP, Nullcon, All Day DevOps, DevSecCon, and many others. My research has uncovered over 200 vulnerabilities in products and organizations, including Google, Microsoft, AT&T, NTOP, Adobe, WordPress, and GitLab. I am the published author of _Security Automation with Ansible 2_ and a technical reviewer for various books and conferences. I actively contribute to communities like All Day DevOps, Snyk, null, AWS, OWASP, and more. Additionally, I advise startups on building exceptional products and communities, helping them add significant value along the way.