Course Schedule
2 Day DOJO from March 18 (Monday) to March 19 (Tuesday).
The Attendance Options are to be determined.
On-Line attendance ONLY
The above details are subject to change without notice.
Last updated Feb. 13, 2024.
Course Abstract
Learn how to attack and defend Kubernetes, Linux and containers from Jay Beale, the creator of Bastille Linux, the Center for Internet Security’s first Linux security benchmark, and two Kubernetes tools: the Peirates attack tool and the Bust-a-Kube CTF cluster. In this fully hands-on course, you’ll get access to our cloud training environment, where you’ll have a Kali Linux system filled with capture-the-flag (CTF) virtual machines and a Kubernetes cluster, which you will attack and defend.
This training focuses on giving you practical attack skills from real penetration tests, coupled with solid defenses to break attacks. Every single topic in the class has a long attack exercise, where you use Kali Linux to attack Kubernetes and containerized programs, and a matching short defense exercise, where you will use new skills to break that attack, confident that it will break other attacks. In this well-reviewed class, we attack the container orchestration system, Kubernetes, along with the Linux operating system and containers that make it up!
We begin with a technical introduction to Kubernetes and containers. We learn how to work with container runtimes, hands-on, and then learn the beginnings of container breakout. We then take a deep dive into Kubernetes security measures, starting with authorization, before our next lab: a multi-step Kubernetes cluster compromise. The class continues in this fashion: concepts, then attack, then defense. In all, there are 14 lab exercises, including MitM attacks, node compromises, and cluster-to-cloud-to-cluster compromise.
Our defense work will include: authorization settings, role-based access control, network policies, pod security standards, and the Kyverno admission controller. These will enable and enforce the powerful technologies we’ve learned: AppArmor, Seccomp, and root capability dropping. We’ll see how both on-prem and cloud-based clusters can be attacked, attack our own clusters, and then harden those Kubernetes clusters to break our attacks.
Course Pre-requisites
To take this class, you should be comfortable with a Linux command line and should have some understanding of a Linux system at a user level.
You do not need experience in containers or Kubernetes to take this class.
Course Learning Objectives
Gain practical attack skills to compromise Kubernetes and containers.
Learn to proactively defend Kubernetes and containerized workloads.
Course Agenda
We will cover each of the following, including exercises:
Cloud Native Attack and Defense
Attacking Public Cloud Services
Advanced Privilege Escalation, including via Linux Capabilities and Namespaces
Container Breakout and Kubernetes Node Attacks
Container Profile Enforcement with AppArmor, Seccomp, and Capability Restriction
Ingresses with ModSecurity WAF functionality
Docker/Container Run-time Attack and Defense
Kubernetes RBAC – Attack and Defense
Kubernetes Secrets Abuse and Protection – Attack and Defense
Kubernetes Internal Firewalling
Kubernetes Admission Control: Kyverno and Pod Security Standards
Attacking Public Cloud Environments to Compromise Kubernetes
The Peirates Attack tool
Hardware Requirements
You will need your own computer, from which you’ll access the cloud environment via a browser.
Software Requirements
All of our labs happen via a cloud environment, which you access via a web browser. Your operating system must support an HTML5-capable browser.
About the Instructor: Jay Beale
Jay Beale works on Kubernetes and cloud native security, both as a professional threat actor and as a co-lead of the Kubernetes project's Security Audit working group. He's the architect and a developer on the Peirates attack tool for Kubernetes. In the past, Jay created two tools used by hundreds of thousands of individuals, companies and governments: Bastille Linux and the Center for Internet Security's first Linux/UNIX scoring tool. He has led training classes on Linux security and Kubernetes at the Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training, since 2000. As an author, series editor and speaker, Jay has contributed to nine books and two columns and given over one hundred public talks. He is CTO of the information security consulting company InGuardians.