Breaking and Pwning Docker Containers and Kubernetes Clusters

Abstract

An organization using micro services or any other distributed architecture rely heavily on containers and orchestration engines like Kubernetes and as such its infrastructure security is paramount to its business operations. This workshop will focus on how attackers can break into docker container and Kubernetes clusters to gain access, escalate privileges to infrastructure by using misconfigurations and application security vulnerabilities. Trainer will share examples of real world security issues found in penetration testing engagements to showcase mapping of the attack usually happens in the real world.

By the end of workshop participants will be able to:

  • Understand Docker and Kubernetes security architecture
  • Attack & Audit containerised infrastructure for security vulnerabilities and misconfigurations
  • Learn from these scenarios how they can assess their environments and fix them before attackers gain control over their modern infrastructure
  • Learn commonly used tools, techniques and procedures (TTPs) for cloud native infrastructure

Prerequisites:

  • Basic knowledge of using the Linux command line
  • System administration basics like servers, applications configuration and deployment

Familiarity with container environments like Docker would be useful

Materials:

  • GCP free trail account (https://cloud.google.com/free)
  • A laptop with administrator privileges
  • At least 8GB of RAM, 10GB of Disk space free on the system for VM
  • Laptop should support hardware-based virtualization, Install Oracle - VirtualBox 6.x and verify it can run a 64-bit operating system. (Other virtualization software might work but we will not be able to provide support for that.)
  • USB Ports for copying VM and course content (docs, scripts, etc.)

Date
Thursday, 15 Aug 2019 00:00 UTC
Event
OWASP Bay Area Meetup
Location
Adobe - San Francisco, 601 Townsend St, San Francisco, CA, 94103, USA
Madhu Akula
Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.