Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.

This workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You'll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You'll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.

This workshop is designed for both beginners and advanced students. By the end of the workshop, you'll have a deep understanding of Kubernetes security and the skills to protect your clusters and workloads

• Kubernetes Security talk: ~40 mins
• Q/A for intro talk, 10 mins
• Break: 10 mins
• Hands-On Attack and Defense workshop: 3 hrs
• Abusing docker for privilege escalation
• Container escape
• Create New Kubernetes Cluster Using Kind
• Explore Kubectl Command
• Explore k9s To Manage Your Cluster
• Deploy Kubernetes Workload
• Get a Shell to a Running Container
• ConfigMaps & Secrets
• Namespaces
• Pod Security Context
• Kubernetes certificate authority
• Pod resource limits
• Scratch Containers
• Service Account Token
• Network Security Policies With Calico
• kube-bench: CIS Kubernetes Benchmark
• kube-hunter: Hunt for security weaknesses in Kubernetes clusters
• kube-linter: Check Kubernetes YAML files and Helm charts
• terrascan: Static code analyzer for Infrastructure as Code
• kubeaudit: Audit your Kubernetes clusters against common security controls
• Challenge 1: NFT Museum
• Challenge 2: Network debugging console