Docker and Kubernetes Security Workshop

... > Training Courses > Docker and Kubernetes Security Workshop

Docker and Kubernetes Security Workshop

Do you want to learn how to attack and exploit containers on a Kubernetes cluster? This three-day workshop will teach you how to break out of containers and become a Kubernetes cluster admin by abusing and exploiting common misconfigurations.

During this workshop, the participants will perform various container escape scenarios in our dedicated lab environment. In addition, a vulnerable Kubernetes cluster will be available to the participants which will be attacked. Get insights in how an attacker can abuse your workloads and how to prevent configuration pitfalls when setting up your environment. This is a very interactive workshop with exercises, demonstrations and hands-on material.

Why should you attend?

  • Get to know the basics of Docker and Kubernetes security
  • Gain an insight in the attack surface of Docker and Kubernetes
  • Learn about common security misconfigurations
  • Learn to attack and exploit misconfigured containers in our lab
  • Learn to attack and exploit a misconfigured Kubernetes cluster in our lab

Intended Audience

This training is suitable for:

  • Pentesters
  • Developers
  • Students
  • Security testers
  • Security enthusiasts
  • General security practitioners
  • Anyone with an interest in Docker/Kubernetes and technical affinity

This training is devised for technical personnel. Participants may vary in skill level from no experience to novice in pentesting and working with containers or Kubernetes. A basic understanding of Linux and command line is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed. during the workshop as a refresher.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux command line and infrastructure is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed during the workshop as a refresher.

Workshop Program

In this three-day hands-on workshop, we split the day in a morning and afternoon part. Depending on your organization and the skills of the participants, the program and technical-depth of the contents can be adapted.

High level program day 1: Intro and Docker basics

Time

Topic

Description

9:00

Diving into Docker

  • Technical introduction of Docker, with a discussion of its internals.
  • Container building blocks.
  • Basic commands and the REST API

12:00

Lunch

13:00

Docker misconfigurations

  • Introducing Docker misconfigurations and how to exploit them.
  • Container registries

14:30

Hands-on Docker hacking

  • Escaping from four different Docker containers

16:30

Q&A

Wrapping up.

High level program day 2: Technical intro to Kubernetes

Time

Topic

Description

9:00

Starting with Kubernetes

  • Technical introduction into Kubernetes, how it works and how to use it.
  • Kubernetes Components
  • Node components

12:00

Lunch

13:00

Hands-on with Kubernetes

Setting up a Kubernetes cluster and how to deploy containers into Kubernetes.

16:30

Q&A

Wrapping up.

High level program day 3: attacking Kubernetes

Time

Topic

Description

9:00

Misconfigurations in Kubernetes

  • Introduction several potential misconfigurations in Kubernetes
  • RBAC

12:00

Lunch

13:00

Hands-on: hacking a Kubernetes cluster

  • Attacking Kubernetes.
  • Hacking a Kubernetes cluster, combining several misconfigurations to obtain high privileges within a Kubernetes cluster.

16:30

Q&A

Wrapping up.

More Information

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.

USP

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.