Workshop Title: “Red vs Blue: Defending Kubernetes in the Real World”

In this interactive, hands-on workshop, participants will dive into the world of Kubernetes security by taking on two opposing roles: attacker and defender.

First, we’ll explore how a malicious actor might target a Kubernetes cluster to gain access, escalate privileges, and exploit workloads for profit—think cryptominers, data exfiltration, or pivoting through the network. You’ll learn about common misconfigurations, exposed services, and privilege escalation paths that attackers love to exploit.

Then, we’ll switch perspectives and become defenders. You’ll see how to detect these attacks in action, respond to incidents, and harden the cluster using built-in Kubernetes mechanisms and Azure’s security suite—including tools like Microsoft Defender for Containers, Azure Policy, and network security controls.

By the end of the session, you’ll walk away with:
• A deeper understanding of real-world Kubernetes attack techniques
• Practical experience identifying and remediating vulnerabilities
• Hands-on exposure to Azure-native tools for container and cluster security
• Actionable takeaways to improve your own cluster’s resilience

Whether you’re a platform engineer, security professional, or just curious about cloud-native security, this workshop will equip you with both the attacker mindset and the defender’s toolkit to better protect your Kubernetes workloads.

Note: Participants should be comfortable using the terminal and have basic Kubernetes knowledge. Bring your laptop—clusters and tooling will be provided!