Docker and Kubernetes Security Workshop

Do you want to learn how to attack and exploit containers on a Kubernetes cluster? This one-day workshop will teach you how to break out of containers and become a Kubernetes cluster admin by abusing and exploiting common misconfigurations.

During this workshop, the participants will perform various container escape scenarios in our dedicated lab environment. In addition, a vulnerable Kubernetes cluster will be available to the participants which will be attacked. Get insights in how an attacker can abuse your workloads and how to prevent configuration pitfalls when setting up your environment. This is a very interactive workshop with exercises, demonstrations and hands-on material.

Why should you attend?

Get to know the basics of Docker and Kubernetes security
Gain an insight in the attack surface of Docker and Kubernetes
Learn about common security misconfigurations
Learn to attack and exploit misconfigured containers in our lab
Learn to attack and exploit a misconfigured Kubernetes cluster in our lab

Intended Audience

This training is suitable for:

Pentesters
Developers
Students
Security testers
Security enthusiasts
General security practitioners
Anyone with an interest in Docker/Kubernetes and technical affinity

This training is devised for technical personnel. Participants may vary in skill level from no experience to novice in pentesting and working with containers or Kubernetes. A basic understanding of Linux and command line is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed. during the workshop as a refresher.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux command line and infrastructure is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed during the workshop as a refresher.

Workshop Program

In this one-day hands-on workshop, we split the day in a morning and afternoon part. Depending on your organization and the skills of the participants, the program and technical-depth of the contents can be adapted.

Time

Topic

Description

9:00

Introduction to Containers

What are containers?
Why are they used?
Building blocks
Components, basic command, and usage

10:30

Coffee break

Docker Misconfigurations

How to exploit them

Hands-on Docker hacking

Escape from four different containers

12:00

Lunch

Introduction to Kubernetes

Components, usage, and misconfigurations

Kubernetes Attack Surface

Attacking the different components

14:45

Coffe break

Kubernetes Lab

Hands-on, attacking a vulnerable Kubernetes cluster and capture flags spread throughout the cluster.

Wrap up with questions and answers

More Information

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.

First Name

Last Name

Company / Organization Name

Phone Number

Email Address

Message

I give permission to process my data as described in the Privacy Policy.

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.