TR26-08

A new two-day workshop in english.

Offensive K8s Security 101

Your trainers are Sebastian Funke & Sven Nobis.

 

Overview

Container orchestration has been the driver for velocious software development and reliability engineering. But how to ensure the secure operation of your apps in a Kubernetes (K8s) cluster? In this workshop we take the perspective of a security auditor and attacker to attack and defend a shared Kubernetes cluster together. Container, microservices, Kubernetes, GitOps - all those terms dominate the modern software development teams and processes. In the first part of this course, you learn the technological basics behind all those terms. In the second part, you take the perspective
of a security auditor and finally of an attacker and learn to attack and defend a shared Kubernetes cluster. Among others, you will gain answers for the following questions:

 

• How to audit the security of a Kubernetes cluster?
• What are the most common security pitfalls in (managed) Kubernetes clusters?
• How to compromise a Kubernetes cluster?

 

All topics are guided by and demonstrated with practical hands-on exercises in a shared K3s Kubernetes cluster (in Hetzner Cloud). At the end of this workshop the participants will have gained in-depth knowledge about the hardening and attacking of Kubernetes clusters and the impact of misconfigurations for deployed application architectures and the operation of a modern microservice infrastructure. The workshop ends with an attack and defense game where the participants attack other participants and defend themselves by applying their knowledge learned along the way.

 

Who should attend this training?

• Security professionals who want to learn how to audit and pentest a K8s cluster
• Kubernetes operators who want to learn how to defend a cluster and impact of misconfigurations

 

Requirements

The attendees should have:

• Basic knowledge of using the Linux Bash command line
• At least beginner and intermediate knowledge about Docker container and K8s container orchestration
• Ideally offensive security practice to have fun during the attack & defense

 

About the trainers:

Sebastian Funke is an IT Security Analyst and Researcher at ERNW Enno Rey Netzwerke GmbH with over 9 years of expertise. His daily work covers a wide range of topics from security assessments in complex enterprise landscapes, focusing on classical penetration tests of networks, desktop and web applications, as well as container and (multi-)cloud
environments. 

 

 

Sven Nobis is a senior security researcher and analyst at ERNW. He has worked in IT for more than 15 years and specializes in cloud security. His daily work includes security assessments, red teaming, training, and consulting for European Fortune 100 companies. Before joining IT security, he was a professional developer and continues to use his passion for it to improve security by sharing knowledge and contributing to open-source projects from time to time. Sven has published several critical vulnerabilities in enterprise cloud software, such as Broadcom VMware.