Containers and Kubernetes are everywhere. The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this training, we will see both sides (offensive & defensive) of the coin by learning tactics, techniques, and procedures (TTP). We will start with understanding architecture and its attack surface. Then we will dive into each layer of security starting from the supply chain, infrastructure, runtime, and many others.
From an attacker’s perspective participants can assess and attack Kubernetes Cluster environments to gain access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments. Also, we will be using the offensive knowledge to build and design secure cluster environments using secure defaults, RBAC, NSP, Policy Engines, and many other built-in and open source components.
Training level: Intermediate; Advanced
TRAINING OUTLINE
kubectl