Breaking & Pwning Docker Containers and Kubernetes Clusters


This 2 day attack-focused, hands-on training will set you on the path to using common attack techniques against docker, kubernetes, containerized infrastructure. It will help you to learn the approach to follow and the process for testing and auditing containers and Kubernetes clusters. By the end of the training, participants will able to identify and exploit applications running on containers inside Kubernetes clusters with a hands-on approach.

An organization using micro services or any other distributed architecture rely heavily on containers and container orchestration engines like Kubernetes and as such its infrastructure security is paramount to its business operations. This course will set the base for security testers and DevOps teams to test for common security vulnerabilities and configuration weaknesses across containerized environments and distributed systems. It also helps to understand the approach and process to audit the Kubernetes environment for security posture.

  • The focus is on the security aspects of the application and the container infrastructure
  • The participants will learn the common tools and techniques that are used to attack applications running in containerized environments
  • The participants will be introduced to Docker, Kubernetes and learn to assess the attack surfaces applicable for a given application on the cluster.
  • The participants will learn how to audit for security based on best practices using tools and custom scripts

Wednesday, 25 Sep 2019 00:00 UTC
RAI Amsterdam, Europaplein 24, 1078 GZ Amsterdam, The Netherlands

Training Outline

  • Student training lab setup
  • Docker Quick Start
  • Docker Advanced Concepts
  • Docker-compose
  • Portainer
  • Docker Security Architecture
    • Namespaces
    • Capabilities
    • Control Groups
  • Scenarios
    • Exploiting docker misconfiguration
    • Exploiting Docker Images and Containers
    • Attacking Private Registry
    • Attacking Docker Volumes and Networks
    • Auditing Docker Volumes and Networks
    • Exploiting Container Capabilities to escape
  • Docker Integrity Checks
  • Container introspection tool - amicontained
  • LSM - Apparmor Nginx Profile
  • Docker Bench Security Audit
  • Container Logging and Monitoring
  • Docker Logging
  • Docker Events
  • Kubernetes Cluster environments setup
  • Kubernetes 101
    • Getting started with Kubernetes
    • Introduction to Kubernetes
    • Overview & Technical Terms
    • kubectl usage for pen-testers
  • Scenarios
    • Exploiting Private Registry via Misconfiguration
    • Attacking Kubernetes Cluster Metadata using SSRF vulnerability
    • Testing for the sensitive configurations and secrets in Kubernetes cluster
    • Docker escape using Pod Volume Mounts to access the nodes and host systems
    • Attacking applications in different namespaces in Kubernetes cluster
    • Attacking Helm tiller with default RBAC setup
  • Auditing Kubernetes
  • kube-bench
  • kube-hunter
  • kubeaudit
  • Logging and Monitoring for Security Events
  • Logging and Monitoring
  • Security checks for events using Sysdig Falco (DEMO Only)
  • Advanced Scenario
  • Exploiting Kubernetes API Server Vulnerability CVE-2018-1002105 (DEMO Only)
  • Popular Attacks around Docker and Kubernetes ecosystem
  • Resources and References


  • Google Cloud Platform (GCP) Free trial account (
  • At least 8 GB of RAM, 10GB of disk space free on the system
  • Laptop should support hardware-based visualization
  • If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
  • Other visualization software might work but we will not be able to provide support for that
  • USB Ports for copying data from Pen drive

Student Requirements

  • Basic knowledge of using the Linux command line
  • System administration basics like servers, applications configuration, and deployment
  • Familiarity with container environments like Docker would be useful

Who Should Attend?

  • Penetration Testers, Security Engineers and Bug bounty hunters
  • System administrators, DevOps, and SecOps Teams
  • Anyone interested in the container infrastructure security

What to expect?

  • Complete hands-on training with a practical approach and real-world scenarios
  • Ebooks of the training covering all hands-on in a step by step guide (HTML, PDF, EPub, Mobi)
  • Git repository of all the custom source code, scripts, playbooks used during the training
  • Resources and references for further learning and practice

What not to expect?

  • A lot of hand-holding about basic concepts already mentioned in the things you should be familiar with
  • A lot of theory. This is meant to be a completely hands-on training!!
  • To become an accomplished DevOps or containers expert
Madhu Akula
Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.