DEV Community

Madhu Akula
Madhu Akula

Posted on • Originally published at blog.madhuakula.com on

A Practical Approach to Breaking & Pwning Kubernetes Clusters

https://rebrand.ly/bhusa21

Join me at Black Hat USA 2021 hands-on training!

Super excited to run a complete attacker and offensive-focused Kubernetes Security training at Black Hat USA 2021 (online — virtual). It’s such a privilege and honor to train and present at Black Hat as always. After training multiple batches with sold-out trainings at Black Hat physically(before corona situations), this year I will be running a virtual online training on “A Practical Approach to Breaking & Pwning Kubernetes Clusters” with 2 batches.

You can register for this training before it gets soldout at https://rebrand.ly/bhusa21 and there is an early-bird discount as well :)

Why this training, why blackhat, and why Madhu Akula?

The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most of the security teams struggle to understand these modern technologies.

Some of the high-level things you will be doing in this course:

  • Exploiting Misconfigruations, Private Registries by performing simple Recon
  • Escaping out of containers to host systems & cluster to gain more access
  • Escalating privileges, DoS cluster resources, Lateral movement from container
  • Gaining unauthorized access to namespaces, microservices, data, and logs
  • Breaking the boundaries of NSP(Network Security Policy), RBAC, PSP(Pod Security Policy)
  • Defense evasion techniques & Persistance in Cluster environments
  • Evaluating the cluster security using CIS benchmarks and Cluster Audits to find all possible risks

Black Hat is an internationally recognized premier cybersecurity event, highly technical that bring together thought leaders from all facets of the infosec world. Black Hat training sessions are provided by some of the most respected experts in the world and many also provide formal certifications to qualifying attendees. Read more about Black Hat here.

Madhu Akula has been working on Containers and Kubernetes since 2016. Created Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security from years of experience from testing, reviewing, architecting, building, and researching Containers, Kubernetes, and Cloud Native Infrastructure environments. Read more about Madhu Akula and his work https://madhuakula.com

What you will be learning in this training?

This training is focused on the offensive and attacker point of view of Kubernetes Security. In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTP) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.

Section-1

  • Kubernetes 101 — Fasttrack Edition
  • Security Architecture Review & Attack Trees using MITRE ATT&CK framework
  • kubectl kung-fu to explore the cluster
  • Attacking the supply chain by exploiting private registry
  • Pwning the container images and gaining access to the cluster
  • Exploiting security misconfigurations in the cluster

Section-2

  • Escaping out of the container to the host system to gain more privileges
  • Bypassing NSP and gaining unauthorized access to other microservices
  • Lateral movement from container to node and then complete cluster access
  • Escalating from ServiceAccount to more RBAC privileges (No least privileges)
  • Helm with Tiller service = ClusterPwn (Complete cluster takeover)
  • Gaining access to k8s volumes, logs of the services, and sensitive data
  • From application vulnerability to cloud provider access (attack chain)

Section-3

  • Hacker Container — The Swiss Army knife for hacking Kubernetes Clusters
  • Exploiting Kubernetes Secrets and gaining access to third-party services
  • DoS the services and cluster nodes by resources exemption
  • Understanding Admission controller and possible attack surface around Webhooks
  • Persisting in the clusters using Sidecar/Cronjob/DaemonSets
  • Defense evasion techniques for Kubernetes Cluster environments
  • Some useful hacks around kubectl(cheatsheet will be provided)

Section-4

  • Tools, techniques for beyond manual exploitation and analysis
  • KubeAudit, KubeSec, k9s, trivy, dockle, rakkess, linters, and many others…
  • Performing Docker & K8S CIS benchmarks to find all the possible security risks
  • Auditing the cluster security posture from Code to Production running cluster
  • Real-World case studies of Kubernetes Hacking, Vulnerabilities and Exploits
  • Best practices, Recommendations based on the Security Maturity
  • Resources & references to further your attacks, exploitation, more learning

Finally, lot of experience and knowledge from the trainer to ask curious questions and learn more about best practices, architecture reviews, advice, strategy, and some hacking stories.

Why you should attend this training, what you will get?

By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide(Digital Book) with resources and references to further your learning.

Key takeaways and Giveaways

  • Real-World practical knowledge of effectively performing Pentests/RedTeam/SecurityReviews of Kubernetes and Containersed environments
  • Going beyond basics, showcasing attack trees, and chaining vulnerabilities to cover all the possible security risks like privilege escalation, exploitation, lateral movement, persistence, defense evasion, many other techniques
  • Complete Digital Guide book, labs, other resources to further your learning
  • Private Slack Channel for next 30 days for any questions & discussions

Who should attend and what to bring?

One of the coolest things I have been doing since my first Black Hat training is running the entire training smoothly on browser-based labs. This means the attendee or participant just needs to bring their laptop with internet and browser and the trainer will be providing a dedicated custom-built Kubernetes Cluster for everyone.

Some of the skill requirements include

  • Able to use Linux CLI
  • Basic understanding of system administration
  • Experience with Docker and Containers ecosystem would be useful
  • Security Experience would be plus

I work in DevOps/SRE team, can I join this training?

Yes, absolutely you can join this training. This training very much helps anyone interested in learning more about attacks and the offensive side of the Kubernetes and containerized environments. While doing the training defenders/blue teams get a detailed picture of what things can go wrong and how we can secure Kubernetes Clusters and Cloud Native environments.

  • Pen Testers, Red Team, and Security Engineers
  • DevOps, Defenders, Blue teams, Cloud and SRE teams to see the attackers side
  • Security and Solutions Architects, Kubernetes Administrators
  • Anyone interested in learning more about attacks and the offensive side of Kubernetes and Containersed environments security

Some glimpse of this training includes

Some of the glimpse for the Kubernetes Security training

Feedback & Review from previous attendees

As I have been doing training, talks, and sessions around the globe for years. I had produced quite a lot of training and sessions around Kubernetes, Containers, and Cloud Native Security. So below are some of the feedback, review from the attendees and events recently.

Attendees Training Reviews: Hacking & Securing Kubernetes Clusters

Nullcon Virtual Online Training Feedback Tweets

This is awesome, I wanted to join the training. What should I do?

You can register for this training before it gets sold out at https://rebrand.ly/bhusa21 and there is an early-bird discount as well :)

Registration Link: https://rebrand.ly/bhusa21

Looking forward to seeing you in the Black Hat training!


Discussion (0)