12-09, 13:00–17:00 (Europe/London), Workshop Room 3
This hands-on workshop aims to give you an understanding of the security features and pitfalls of modern containerization tools like Docker and Kubernetes. We’ll cover a range of topics to build up a picture of the security options available and show practical examples of attack and defence on containerized systems.
There will be hands-on labs covering common attacks on Docker, Docker containers and Kubernetes clusters.
Prerequisites – Familiarity with basic Docker commands and Linux command line use will be helpful, but we’ll provide step-by-step instructions for people who are less familiar with them.
Workshop requirements:
- A laptop with a web browser that does not have strict filtering in place (e.g. no white-list only corporate proxies) and an SSH client.
Rory has worked in the Information and IT Security arena for the last 23 years in a variety of roles in information security and penetration testing. These days he spends his work time on container and cloud native security. He is an active member of the container security community having delivered presentations at a variety of IT and Information security conferences. He has also presented at major containerization conferences and is an author of the CIS Benchmarks for Docker and Kubernetes and main author of the Mastering Container Security training course which has been delivered at numerous industry conferences including Blackhat USA. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.
Iain Smart is a Principal Consultant with ControlPlane, where he performed offsec engagements against cloud-native deployments. He enjoys playing with new technologies, and if he's not hacking a Kubernetes cluster or attacking a build pipeline he can probably be found writing new home automations to annoy his family.