Attacking and Auditing Docker Containers and Kubernetes Clusters

Course outline

• Student training lab setup
• Docker Quick Start
  • Getting started with Docker
  • Docker run
  • Dockerfile
  • Docker Management
• Docker Advanced Concepts
  • Docker-compose
  • Docker volumes and networks
  • Docker swarm
  • Portainer
• Namespaces
• Capabilities
• Control Groups
• Scenarios
  • Exploiting docker misconfiguration
  • Attacking Docker Images and Containers
  • Auditing Docker Images and Containers
  • Attacking Private Registry
  • Attacking Docker Volumes and Networks
  • Auditing Docker Volumes and Networks
  • Attacking Container Capabilities
  • Exploiting docker swarm cluster secrets
• Docker Integrity Checks
• Container introspection tool - amicontained
• Auditing docker container runtime
• Auditing docker container registries
• LSM - Apparmor Nginx Profile
• Docker Bench Security Audit
• Container Logging and Monitoring
  • Docker Logging
  • Docker Events
• Kubernetes Cluster environments setup
• Kubernetes 101
  • Getting started with Kubernetes
  • Introduction to Kubernetes
  • Overview & Technical Terms
  • kubectl usage for pentesters
• Deploying simple application in Kubernetes cluster
  • Using YAML manifest
  • Using helm chart
• Scenarios
  • Exploiting Private Registry via Misconfiguration
  • Attacking Kubernetes Cluster Metadata using SSRF vulnerability
  • Testing for the sensitive configurations and secrets in Kubernetes cluster
  • Docker escape using Pod Volume Mounts to access the nodes and host systems
  • Attacking applications in different namespaces in Kubernetes cluster
  • Attacking Helm tiller with default RBAC setup
• Auditing Kubernetes
  • kube-bench
  • kubesec.io
  • kube-hunter
  • kubeaudit
• Logging and Monitoring for Security Events
  • Logging and Monitoring
  • Security checks for events using Sysdig Falco (DEMO Only)
• Advanced Scenario
  • Exploiting Kubernetes API Server Vulnerability CVE-2018-1002105 (DEMO Only)
• Popular Attacks around Docker and Kubernetes eco system
• Resources and References

What to bring?

• At least 8 GB of RAM, 10GB of disk space free on the system
• Laptop should support hardware-based visualization
  • If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
  • Other visualization software might work but we will not be able to provide support for that
• Network Connectivity or USB Ports for copying data
• Trainer will provide the VM and dedicated Kubernetes cluster configuration for each student with administrative access to have a hand-on experience during the training

Prerequisites

• Basic knowledge of using the Linux command line
• System administration basics like servers, applications configuration and deployment
• Familiarity with container environments like Docker would be useful

Who Should Attend?

• Penetration Testers, Security Engineers and Bug bounty hunters
• System administrators, DevOps and SecOps Teams
• Anyone interested in the container infrastructure security

What to expect?

• Complete hands-on training with a practical approach and real-world scenarios
• Ebooks of the training covering all hands-on in a step by step guide (HTML, PDF, EPub, Mobi)
• Git repository of all the custom source code, scripts, playbooks used during the training
• Resources and references for further learning and practice

What not to expect?

• A lot of hand holding about basic concepts already mentioned in the things you should be familiar with
• A lot of theory. This is meant to be a completely hands-on training!!
• To become an accomplished DevOps or containers expert