A hacker’s view on #containers and #kubernetes

Course Description

Kubernetes and containers are a very hot topic nowadays and are very easy to use. On the other hand, the underlying components that make up Kubernetes form a very complex system that few people really understand. To make things more complex, in a world where automation, registries, CI/CD and vaults rule … how do you implement and automate security?

A lot of different attack vectors aimed at data theft, currency mining, cluster takeover and much more put the sometimes-immense clusters at risk. Current in-use security controls like firewalls, malware protection, role-based access control, etc. no longer offer an acceptable level of protection and are blind to what is happening inside. We’ll discuss the key concepts of containers and Kubernetes. During the training, we will focus on learning how it all works in detail, but in a very practical way, in order to protect our applications, workloads and clusters better and more reliably.

There are a lot of concepts to be explained (pods, namespaces, services, etc.), but we will do that so that you understand the purpose and the security aspects of all of them. This training is not about application or exploit development … but it will give you the necessary insights into this emerging and exciting world and bring your hacking skills to the next level! Promised!

Course contents

Day 1

  • Setting the scene!
  • Advanced introduction to containers and docker
  • Building our first hacking container
  • What about Seccomp, AppArmor, Capabilities?
  • Finding vulnerabilities in container images
  • Understanding the K8S architecture and components
  • Deploying a hacking pod

Day 2

  • Deep diving into pods, deployments, namespaces, services, etc …
  • Exposing applications (load balancing, Ingress, node port …)
  • Deploying and analyzing a complex microservice
  • K8S secrets and config maps
  • Network security and pod security
  • Introduction to ISTIO framework

Day 3

  • Understanding K8S authentication and API
  • How to use legacy and advanced hacking tools in K8S
  • Dissecting a pod
  • Advanced containers and POD tricks
  • Backdooring K8S POD
  • Admission controllers in K8S

What would the attendees gain?

  • Understanding containers (Docker) and advanced (security) features
  • How to find vulnerabilities in containers and images
  • Deep understanding of Kubernetes pods, labels and selectors
  • Deep understanding of Kubernetes inner workings and cluster networking
  • Deep understanding of Kubernetes RBAC and authentication
  • Network security and pod security
  • Hijacking containers and pods

Target audience

This training is intended for everyone who wants to learn about the inner workings of K8S and the related security concepts. If you are a security admin, a network engineer, a pen-tester or a DevOps engineer and interested in security and containers… you’re welcome! It will be an advanced course, but we’ll start from the beginning!

Requirements

  • A notebook with access to SSH
  • Administrative rights
  • Docker for Mac or Windows (preferred)

Trainer Biography

Philippe Bogaerts brings 20+ years of experience in security. Starting out as a trainer specializing in advanced TCP/IP protocols, networking and security, Philippe quickly became known by colleagues as “Philippe hacks to learn”. A pioneer in network firewalls, reverse proxies and load balancing, Philippe later specialized in web application security with a focus on penetration testing and web application firewalling.

About 4+ years ago, containers and orchestration grabbed his attention and he started researching (mostly as a hobby) the architecture and security aspects of these emerging technologies.

Today, Philippe contributes mostly by writing blog posts (https://medium.com/@xxradar), talking at meetups and co-organizing the renowned security conference BruCON (sounds familiar ;-)). During the daytime, Philippe is a solution architect at https://aquasec.com.