Talk to an Instructor:
Jonas Felix
This unique, industry-leading course takes attendees through the architecture, security, and delivery of Kubernetes systems for security-conscious organisations, using the best of current and next generation tooling. It is written by Hacking Kubernetes author and SANS instructor Andrew Martin.
Combining Red Team (offensive) and Blue Team (defensive) approaches, information security professionals and engineers will gain an understanding of the attack surface of a cloud native system: from building applications into containers and appraising supply chain vulnerabilities, through runtime detection and monitoring, to evading the system’s defences and popping shells, this course gives you the tools you need to understand how to attack and defend against present and future threat actors. Attendees will gain hands-on experience building, exploring, and securing real-world systems through an offensive lens.
We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.
Attendees have access to cloud-hosted clusters and will examine methods of compromise, play attack scenarios against real infrastructure, and then shift their focus to defending and remediating infrastructure services. This includes hardening the Kubernetes orchestrator and workload configuration, deploying security testing and monitoring software in pipelines and clusters, attacking and defending container supply chains, cryptographically signing images and build pipelines, exploring intrusion detection and monitoring, applying AppArmor and Seccomp profiles to defeat attacks, and understanding next-generation runtimes.
The course uses threat modelling to apply realistic attack vectors and define test-driven security controls. These are applied at multiple stages throughout the pipeline to improve engineers' productivity and feedback loops.
- Wargame custom scenarios against real clusters on production infrastructure
- Use real-world exploits to target key application deployment components
- Explore vulnerabilities in cloud native deployments through authentication, pipeline, and supply chain exploits
- Understand the risks involved in running cloud native infrastructure
- Threat model and remediate threats with optimal defensive controls
- Exploit and then secure application deployments via Docker and Kubernetes
Course Outline
- Container exploitation by example
- Kubernetes attack surface
- Kubernetes deployment pipelines
- Source control signing and verification
- Container image vulnerability scanning
- Circumventing pipeline controls
- Image signing with Cosign and Notary
- Pipeline metadata collection and enforcement
- Supply-chain verification with in-toto and Tekton Chains
- Kubernetes & container security testing
- Secure GitOps deployments with Flux
- Users, identity, and RBAC
- Runtime security and intrusion detection
- Network policy and lockdown
- Service meshes and workload identity
- Advanced container isolation
Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and composition of the participant group.
Whether we call it training, course, workshop or seminar, we want to meet participants where they are and equip them with the practical knowledge they need to apply the technology directly after the training and deepen it independently.
After the course, participants will be able to apply advanced security practices to protect their applications and infrastructure in Kubernetes and container environments.
The course is well structured and consists of theoretical explanations and practical exercises. You will be accompanied by an experienced trainer who can answer questions related to advanced Kubernetes & Container Security.
The course is aimed at Software, DevOps, and System Engineers or Architects with solid knowledge in orchestrating containers with Kubernetes, looking to expand their skills in security.
Prerequisites are advanced knowledge of Kubernetes and container orchestration, experience with kubectl (apply, get, describe, delete, logs, exec), and proficient knowledge of Linux and the command line.
Every participant will receive a questionnaire and a preparation checklist after registration. We provide a comprehensive laboratory environment for each participant, so that all participants can directly implement their own experiments and even complex scenarios.
Sign up for the waiting list for more public course dates. Once we have enough people on the waiting list, we will determine a date that suits everyone as much as possible and schedule a new session. If you want to participate directly with two colleagues, we can even plan a public course specifically for you.
Training-Centers:
Basel:
- Aeschenplatz 6, 4052 Basel
Zurich:
- HWZ, Lagerstrasse 5, 8004 Zürich
Company address:
felixideas GmbH
Baslerstrasse 5a
4102 Binningen