Docker and Kubernetes Security Workshop

... > Training Courses > Docker and Kubernetes Security Workshop

Docker and Kubernetes Security Workshop

Do you want to learn how to attack and exploit containers on a Kubernetes cluster? This three-day workshop will teach you how to break out of containers and become a Kubernetes cluster admin by abusing and exploiting common misconfigurations.

During this workshop, the participants will perform various container escape scenarios in our dedicated lab environment. In addition, a vulnerable Kubernetes cluster will be available to the participants which will be attacked. Get insights in how an attacker can abuse your workloads and how to prevent configuration pitfalls when setting up your environment. This is a very interactive workshop with exercises, demonstrations and hands-on material.

Why should you attend?

  • Get to know the basics of Docker and Kubernetes security
  • Gain an insight in the attack surface of Docker and Kubernetes
  • Learn about common security misconfigurations
  • Learn to attack and exploit misconfigured containers in our lab
  • Learn to attack and exploit a misconfigured Kubernetes cluster in our lab

Intended Audience

This training is suitable for:

  • Pentesters
  • Developers
  • Students
  • Security testers
  • Security enthusiasts
  • General security practitioners
  • Anyone with an interest in Docker/Kubernetes and technical affinity

This training is devised for technical personnel. Participants may vary in skill level from no experience to novice in pentesting and working with containers or Kubernetes. A basic understanding of Linux and command line is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed. during the workshop as a refresher.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux command line and infrastructure is needed. Experience with Docker or Kubernetes is not required. All basic concepts will be addressed during the workshop as a refresher.

Workshop Program

In this three-day hands-on workshop, we split the day in a morning and afternoon part. Depending on your organization and the skills of the participants, the program and technical-depth of the contents can be adapted.

High level program day 1: Intro and Docker basics

Time

Topic

Description

9:00

Diving into Docker
  • Technical introduction of Docker, with a discussion of its internals.
  • Container building blocks.
  • Basic commands and the REST API

12:00

Lunch

13:00

Docker misconfigurations
  • Introducing Docker misconfigurations and how to exploit them.
  • Container registries

14:30

Hands-on Docker hacking
  • Escaping from four different Docker containers

16:30

Q&A

Wrapping up.

High level program day 2: Technical intro to Kubernetes

Time

Topic

Description

9:00

Starting with Kubernetes
  • Technical introduction into Kubernetes, how it works and how to use it.
  • Kubernetes Components
  • Node components

12:00

Lunch

13:00

Hands-on with Kubernetes

Setting up a Kubernetes cluster and how to deploy containers into Kubernetes.

16:30

Q&A

Wrapping up.

High level program day 3: attacking Kubernetes

Time

Topic

Description

9:00

Misconfigurations in Kubernetes
  • Introduction several potential misconfigurations in Kubernetes
  • RBAC

12:00

Lunch

13:00

Hands-on: hacking a Kubernetes cluster
  • Attacking Kubernetes.
  • Hacking a Kubernetes cluster, combining several misconfigurations to obtain high privileges within a Kubernetes cluster.

16:30

Q&A

Wrapping up.

More Information

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form, by telephone +31 (0)88 888 31 00 or email info@secura.com.

USP

Related

Related image

Crystal Box Kubernetes Pentesting

Discover how Secura's Crystal Box Kubernetes Pentesting service can help you secure the complete setup. We offer comprehensive vulnerability assessment and penetration testing for your Kubernetes configurations.

 Related image

Cloud Security Training

The course gives a comprehensive overview of the OT security landscape, including new insights, threats and challenges. After the training, you will be equipped to assess and defend industrial control systems.

 Related image

The top 10 Kubernetes findings of our pentesting team

Security specialist Ilona de Bruin shares the most common vulnerabilities she and her colleagues find during their Kubernetes assessments.

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.