Madhu Akula

Posted on Jun 10, 2021 • Originally published at blog.madhuakula.com on May 10, 2021

A Practical Approach to Breaking & Pwning Kubernetes Clusters

#kubernetes #devsecops #pentesting #security

Join me at Black Hat USA 2021 hands-on training!

Super excited to run a complete attacker and offensive-focused Kubernetes Security training at Black Hat USA 2021 (online — virtual). It’s such a privilege and honor to train and present at Black Hat as always. After training multiple batches with sold-out trainings at Black Hat physically(before corona situations), this year I will be running a virtual online training on “A Practical Approach to Breaking & Pwning Kubernetes Clusters” with 2 batches.

You can register for this training before it gets soldout at https://rebrand.ly/bhusa21 and there is an early-bird discount as well :)

Why this training, why blackhat, and why Madhu Akula?

The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most of the security teams struggle to understand these modern technologies.

Some of the high-level things you will be doing in this course:

Exploiting Misconfigruations, Private Registries by performing simple Recon
Escaping out of containers to host systems & cluster to gain more access
Escalating privileges, DoS cluster resources, Lateral movement from container
Gaining unauthorized access to namespaces, microservices, data, and logs
Breaking the boundaries of NSP(Network Security Policy), RBAC, PSP(Pod Security Policy)
Defense evasion techniques & Persistance in Cluster environments
Evaluating the cluster security using CIS benchmarks and Cluster Audits to find all possible risks

Black Hat is an internationally recognized premier cybersecurity event, highly technical that bring together thought leaders from all facets of the infosec world. Black Hat training sessions are provided by some of the most respected experts in the world and many also provide formal certifications to qualifying attendees. Read more about Black Hat here.

Madhu Akula has been working on Containers and Kubernetes since 2016. Created Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security from years of experience from testing, reviewing, architecting, building, and researching Containers, Kubernetes, and Cloud Native Infrastructure environments. Read more about Madhu Akula and his work https://madhuakula.com

What you will be learning in this training?

This training is focused on the offensive and attacker point of view of Kubernetes Security. In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTP) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.

Section-1

Kubernetes 101 — Fasttrack Edition
Security Architecture Review & Attack Trees using MITRE ATT&CK framework
kubectl kung-fu to explore the cluster
Attacking the supply chain by exploiting private registry
Pwning the container images and gaining access to the cluster
Exploiting security misconfigurations in the cluster

Section-2

Escaping out of the container to the host system to gain more privileges
Bypassing NSP and gaining unauthorized access to other microservices
Lateral movement from container to node and then complete cluster access
Escalating from ServiceAccount to more RBAC privileges (No least privileges)
Helm with Tiller service = ClusterPwn (Complete cluster takeover)
Gaining access to k8s volumes, logs of the services, and sensitive data
From application vulnerability to cloud provider access (attack chain)

Section-3

Hacker Container — The Swiss Army knife for hacking Kubernetes Clusters
Exploiting Kubernetes Secrets and gaining access to third-party services
DoS the services and cluster nodes by resources exemption
Understanding Admission controller and possible attack surface around Webhooks
Persisting in the clusters using Sidecar/Cronjob/DaemonSets
Defense evasion techniques for Kubernetes Cluster environments
Some useful hacks around kubectl(cheatsheet will be provided)

Section-4

Tools, techniques for beyond manual exploitation and analysis
KubeAudit, KubeSec, k9s, trivy, dockle, rakkess, linters, and many others…
Performing Docker & K8S CIS benchmarks to find all the possible security risks
Auditing the cluster security posture from Code to Production running cluster
Real-World case studies of Kubernetes Hacking, Vulnerabilities and Exploits
Best practices, Recommendations based on the Security Maturity
Resources & references to further your attacks, exploitation, more learning

Finally, lot of experience and knowledge from the trainer to ask curious questions and learn more about best practices, architecture reviews, advice, strategy, and some hacking stories.

Why you should attend this training, what you will get?

By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide(Digital Book) with resources and references to further your learning.

Key takeaways and Giveaways

Real-World practical knowledge of effectively performing Pentests/RedTeam/SecurityReviews of Kubernetes and Containersed environments
Going beyond basics, showcasing attack trees, and chaining vulnerabilities to cover all the possible security risks like privilege escalation, exploitation, lateral movement, persistence, defense evasion, many other techniques
Complete Digital Guide book, labs, other resources to further your learning
Private Slack Channel for next 30 days for any questions & discussions

Who should attend and what to bring?

One of the coolest things I have been doing since my first Black Hat training is running the entire training smoothly on browser-based labs. This means the attendee or participant just needs to bring their laptop with internet and browser and the trainer will be providing a dedicated custom-built Kubernetes Cluster for everyone.

Some of the skill requirements include

Able to use Linux CLI
Basic understanding of system administration
Experience with Docker and Containers ecosystem would be useful
Security Experience would be plus

I work in DevOps/SRE team, can I join this training?

Yes, absolutely you can join this training. This training very much helps anyone interested in learning more about attacks and the offensive side of the Kubernetes and containerized environments. While doing the training defenders/blue teams get a detailed picture of what things can go wrong and how we can secure Kubernetes Clusters and Cloud Native environments.

Pen Testers, Red Team, and Security Engineers
DevOps, Defenders, Blue teams, Cloud and SRE teams to see the attackers side
Security and Solutions Architects, Kubernetes Administrators
Anyone interested in learning more about attacks and the offensive side of Kubernetes and Containersed environments security

Some glimpse of this training includes

Some of the glimpse for the Kubernetes Security training

Feedback & Review from previous attendees

As I have been doing training, talks, and sessions around the globe for years. I had produced quite a lot of training and sessions around Kubernetes, Containers, and Cloud Native Security. So below are some of the feedback, review from the attendees and events recently.

Attendees Training Reviews: Hacking & Securing Kubernetes Clusters

Nullcon Virtual Online Training Feedback Tweets

NULLCON

@nullcon

😎We had an amazing 4 Days with @madhuakula for his Training

⚡Hacking and Securing Kubernetes Clusters & Students loved the Training session

🙌Sharing with you the Upskilled Batch from Nullcon March Trainings 2021

#Kubernetes #Hacking #Cybersecurity #Nullcon2021

11:40 AM - 11 Mar 2021