Attacking & Auditing Docker Containers & Kubernetes Clusters - Agenda

  • Introduction
    • About the trainer
    • Disclaimer
    • Agenda
  • Environment Setup
    • Importing Virtual Machines
    • SSH into machines from your host
    • Common troubleshooting steps
  • Docker Quick start
    • docker run
    • Dockerfile
    • docker management
  • Docker Advanced Concepts
    • docker-compose wordpress
    • docker volumes and networks
    • docker swarm
    • Portainer
  • Attacking Insecure Volume Mounts
    • Scenario
    • Solution
  • Learning More about
    • Namespaces
    • Capabilities
    • Control Groups
  • Attacking docker misconfiguration
    • Scenario
    • Solution
  • Auditing Docker containers and images
    • Docker images and containers
    • Scenario
    • Solution
  • Auditing Docker networks and volumes
    • Docker volumes and networks
    • Scenario
    • Solution
  • Docker integrity checks
  • amicontained - Introspection tool
  • Attacking & Auditing Docker Runtime & Registries
    • Docker runtime endpoints
    • Docker registries
  • Attacking container capabilities
    • Scenario
    • Solution
  • Linux Security Module - Apparmor nginx profile
  • Attacking swarm cluster secrets
    • Scenario
    • Solution
  • Attacking private registry images
    • Scenario
    • Solution
  • Docker bench security audit
  • Container Security Monitoring
    • Docker logging
    • Docker Events
    • Sysdig Faclo
  • Kubernetes Environment Setup
    • Import VM
    • Internet Check
    • Configure kubectl
  • Kubernetes 101
    • Getting Started with Kubernetes
    • Introduction to Kubernetes
    • Kubernetes Overview
    • The Illustrated Children's Guide to Kubernetes
    • Understanding Kubernetes specific technical terms
    • kubectl usage for pentesters
  • Deploying simple application in Kubernetes Cluster
    • Using yaml manifest
    • Using helm chart
  • Scenario-1 - Exploiting Private Registry via Misconfiguration
    • Scenario
    • Solution
    • Discussion
  • Scenario-2 - Attacking Kubernetes Cluster Metadata using SSRF vulnerability
    • Scenario
    • Solution
    • Discussion
  • Scenario-3 - Testing for the sensitive configurations and secrets in Kubernetes cluster
    • Scenario
    • Solution
    • Discussion
  • Scenario-4 - Docker escape using Pod Volume Mounts to access the nodes and host systems
    • Scenario
    • Solution
    • Discussion
  • Scenario-5 - Attacking applications in different namespaces in Kubernetes cluster
    • Scenario
    • Solution
    • Discussion
  • Scenario-6 - Attacking Helm tiller without RBAC setup
    • Scenario
    • Solution
    • Discussion
  • Auditing Kubernetes Clusters with CIS Benchmarks using kube-bench
  • Kubernetes resources security scoring using kubesec.io
  • Kube-hunter to do analysis of the cluster for security concerns
  • Kubeaudit to audit the cluster with detailed results
  • Logging and Monitoring for security events
  • Security checks for events using Sysdig Falco - Automated Defense (DEMO Only)
  • Advanced Scenario - Exploiting Kubernetes API Server Vulnerability CVE-2018-1002105 (DEMO Only)
  • Fun Learning About Kubernetes
    • Contained.af
    • Play with Docker
    • Katacoda Docker Security
    • Play with Kubernetes
  • Popular Attacks
    • Dockerhub 190k accounts
    • Cryptojacking using public docker containers
    • Dockerhub known vulnerable images
    • BSidesSF CTF cluster pwn
    • Shopify metadata to cluster pwn
  • References & Resources