Technical Workshop : (Hands-On) A Practical Approach To Kubernetes Security: Deep Dive into Attacks, Defense & Mitigations
[Book My Seat]




Trainer: Divyanshu Shukla & Ravi Mishra

Divyanshu Shukla (Nullcon, C0c0n Trainer, Bsides Bangalore)

Nullcon, C0c0n Trainer, Bsides Bangalore

Senior security engineer with more than 6 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author IAC Code Guardian GPT, Burp-o-mation and a very-vulnerable-serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member 2020/2021/2022. He has also given training and seminars in events like Blackhat Arsenal, C0c0n, Nullcon India, Bsides Bangalore 2023, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.

Past Training Experience :  

  • C0c0n 2023: Led a 2 days workshop on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes"
  • Nullcon 2023: Conducted a 3 days training on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes"
  • Bsides Bangalore 2023: Conducted a 2 days workshop on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes"
  • Nullcon 2022: Conducted 2 day workshop on “Defending & Securing the AWS Cloud”
  • Nullcon 2021: Conducted 2 day workshop on “Auditing and Securing the Cloud”.



Ravi Mishra (Nullcon, C0c0n Trainer, Bsides Bangalore)

Nullcon, C0c0n Trainer, Bsides Bangalore

7+ years of experience in DevSecops & DevOps. Currently working as Lead Security Engineer. Highly Skilled in IAC Security, AWS & GCP Security, SRE, Container Security, K8s (EKS & GKE) Security. Experienced In deploying EKS & GKE Cluster. Previously worked with DevOps Engineering Teams in OLX Group, Paytm Bank, and Opstree. He has also given training and seminars in events like Nullcon, C0C0n, Null Community & Bsides Bangalore

Past Training Experience : 

  • C0c0n 2023: Led a 2 days workshop on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes"
  • Nullcon 2023: Conducted a 3 days training on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes"
  • Bsides Bangalore 2023: Conducted a 2 days workshop on " The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes" 


>>Block My Seat For Workshop Session  




Workshop Summary : 

Workshop Duration: 2 Days, 16 Hours
Date: 30th-31st May, Thursday, 2024 



In an era where container orchestration is vital to scaling and managing applications, Kubernetes stands out as a pivotal technology. But with its vast landscape comes a multitude of attack vectors. This workshop is meticulously crafted for those seeking a deep, technical, hands-on immersion into the world of Kubernetes security. We begin by laying the groundwork with Kubernetes basics, understanding its architecture, and delving into its potential security pitfalls. Participants will be initiated into the intricate details of Kubernetes attack surfaces, with hands-on labs focusing on real-world vulnerabilities and their corresponding exploits.Using advanced exploitation techniques, our session will unravel sophisticated Kubernetes attack methodologies, from manipulating Role-Based Access Controls to advanced container breakout strategies. But, it's not just about offense; we also cover the art of defense. Learn how to seal your secrets, enforce stringent network policies with Cilium, and employ advanced detection mechanisms using tools like Falco and EFK.The workshop consists of a Capture The Flag (CTF) challenge, designed to test the mettle of participants, pitting their newly acquired offensive and defensive skills against real-world Kubernetes scenarios.By the end of our intensive three-day journey, attendees will not only have an expanded skill set but also the confidence to identify, exploit, and protect Kubernetes clusters in real-world environments.

Note: Cloud Based IDE is provided for hassle free learning to all participants.


Kubernetes is one of the key technologies in modern container orchestration systems. The former has a powerful ability, but it involves many intricate measures of protection. A three-day intensified workshop under experienced leaders Divyanshu Shukla and Ravi Kumar Mishra delves into every aspect of securing self-managed Kubernetes.

At first, basic knowledge about container and Kubernetes security including advanced tactics and countermeasures would be covered. They will involve practical labs that will use real-life vulnerabilities to demonstrate how to apply advanced Kubernetes exploitation in a lab environment and defend organizations against such sophisticated attacks.

Not only does this training consist of security around self-managed Kubernetes clusters.

This course will also deep dive into real-world defenses like Cilium, Kyverno which is a requirement in any Kubernetes cluster.

At the end, this course will talk about monitoring using Falco container runtime using ELK.

Open-source cloud IDE with a complete setup will be provided to all the participants for a hassle-free learning experience.

Key aspects of the workshop include:

  • Understanding of Kubernetes core concepts and security layers.
  • Attacking & Enumerating kubernetes clusters.
  • Exploiting cluster via container breakout & web based vulnerabilities
  • Vulnerability scanning of Kubernetes’s attack surface and exploring the exploitation of documented bugs/CVEs in a production environment.
  • Breakout of advanced container strategies and Role Based Access Control (RBAC) breaches.
  • Hands-on sessions on enforcing Kubernetes secrets, network policies, and internal security measures.
  • Detecting advanced attacks with sophisticated detection mechanisms involving Falcon and EFK
  • Bypassing Falco Container Runtime Security
  • CTF contest aimed at assessing attendees’ competencies in live situations with Kyverno, Falco, cilium.

The participants will learn how to find vulnerabilities in Kubernetes clusters for attack and also defend themselves or their organization by the end of this training. It is imperative that any security professional seeking to excel within the evolving realm of Kubernetes security cannot afford to miss such training.


Workshop Agenda:

Day 1 - Decoding & Attacking Kubernetes Cluster     

  1. Kubernetes & Container Basics

    • Introduction To Container Security
    • Preparing the Environment for Lab Setup
    • Understanding Container Layers
    • Lab: Docker Layers & Dockerfile Demo
    • Lab: Dive For Secret Exfiltration
  2. Introduction to Kubernetes

    • Explanation of Key Kubernetes Components
    • Important Kubernetes Terminologies
  3. Establishing a Kubernetes Cluster via Cilium

    • Lab: Setup Kind
    • Lab: Kind Cluster Validation
  4. Difference between minikube, k3s, Kind & kubeadm

  5. Lab: Validation of Cluster Configuration

  6. Authentication & Authorization In K8s

    • Lab: Authentication In K8s
    • Lab: RBAC via Role & RoleBinding
    • Lab: RBAC via Cluster Role & ClusterRoleBinding
  7. Services in Kubernetes

  8. Lab: Kubectl CLI Basics

  9. Theory: Overview of Kubernetes Cluster

  10. Basic of Helm

    • Lab: Deploy the basic application using Helm
  11. Kubernetes Security Testing

    • Kubernetes Attack Surface
    • Kubernetes Cluster Enumeration
      • Lab: External Kubernetes Cluster Enumeration
      • Lab: Internal Kubernetes Cluster Enumeration
  12. Lab: Exploiting Vulnerable K8s Application

  13. Attacking Role Based Access Controls

    • Lab: Exploit RBAC Misconfiguration
  14. Post-exploitation: Container Breakout Techniques

    • Lab: Host PID True
    • Demo: Host Network True
    • Demo: Host IPC True
    • Demo: Host Volume Mount
    • Lab: Privileged True
  15. Post-exploitation: Common Attack Techniques & Demo Setup

    • Demo: Docker Socket Mount: DIND
    • Demo: Setup Misconfigured Kube API Server
    • Lab: Misconfigured Kube API Server
    • Demo: Unauthenticated Kubernetes Dashboard
    • Lab: Unauthenticated Kubernetes Dashboard
    • Cleanup: Terminating Misconfigured Cluster
  16. Lab: Exploiting Private Docker registry

  17. Lab: Backdooring Docker Image


Day 2 - Defending & Monitoring Kubernetes Cluster 

  1. OWASP Kubernetes Top 10

  2. Automated Vulnerability Analysis of Kubernetes

    • Lab: RBAC: Kubernetes-rbac-audit
    • Lab: Kubescape
    • Lab: Checkov
  3. Protection Strategies

  4. Network Policies - Kubernetes

    • Lab: Secure Network Policies
  5. Securing Secrets in Kubernetes

    • Lab: Basic of Secrets in Kubernetes
  6. Kyverno Admission Controller

    • Lab: Setup of Kyverno
    • Lab: Basics of Kyverno
  7. Network Fabric: Cilium

    • Demo: Basics of Cilium
    • Lab: Cilium
  8. Hardening Kubernetes

    • Lab: Configure AppArmor Profiles & Seccomp Profiles
  9. Detection Strategies

  10. Falco & EFK Logging and Monitoring

    • Lab: Falco & EFK Setup & Monitoring
  11. Lab: Kubernetes Security Testing CTF Lab

    • Lab: Enumeration: From Vulnerable Cluster Web UI
  12. CTF Challenge


>>Block My Seat For Workshop Session  





Candidate Requirements:

You need to bring:


  • Laptop with a minimum of 4GB RAM and 2 CPU cores.
  • Firefox browser installed, specifically for Windows environments.
  • Mobile data connection for enabling a hotspot, as the lab exercises require internet access.
  • Access to wireless internet connectivity for online activities and lab exercises.
  • Windows Laptop with admin access & endpoint security, antivirus & VPN disabled.


Who Should Attend ? 

  • Security Researchers & Professionals: Those looking to delve deep into the world of Kubernetes vulnerabilities, from discovery to exploitation.
  • Developers & DevOps Experts: For those who architect and deploy Kubernetes, and need to understand its attack vectors and defense strategies.
  • DevSecOps Practitioners: Integrating security into DevOps is crucial. Grasp the nuances of Kubernetes security to elevate your organization's defense posture.
  • Pentesters & Cloud Engineers: Master techniques to test the resilience of Kubernetes deployments and understand common misconfigurations.
  • Red Teams and Blue Teams: Experience both the offensive techniques to exploit Kubernetes and the defensive measures to protect it.
  • Beginners in Kubernetes Security: Start your journey with a comprehensive understanding of the threatscape in the Kubernetes ecosystem.


Set Expectations:

  • Hands on session



  • Basic knowledge of the Linux command line.
  • Familiarity with system administration tasks like server and application configuration and deployment
  • A basic understanding of container environments like Docker and distributed systems is advantageous. 


What to expect?

  • Intensive Hands-on Sessions: Practical scenarios drawn from real-world cases, ensuring you gain hands-on skills in Kubernetes exploitation and defense.
  • Deep Technical Insights: A rigorous guide that breaks down complex Kubernetes vulnerabilities and defense mechanisms.
  • Tool Mastery: Acquaint yourself with pivotal open-source tools for Kubernetes security assessment, penetration testing, and defense.
  • Dive into Real-World Penetration Tests: Explore scenarios from actual engagements, sharpening your skills for real-life challenges.
  • Exclusive Access: Utilize a dedicated cloud IDE throughout the training, tailored for Kubernetes vulnerability discovery, exploitation, and mitigation.

What not to expect?

  • Basic Kubernetes Administration: This training is focused on offensive and defensive techniques, not general administration.
  • Unrelated Third-party Tools: We emphasize tools directly related to Kubernetes security, leaving out unrelated technologies.
  • The hands-on labs used during the course are not provided after the training.
  • EKS administration: Training is not focused around eks administration.



>>Block My Seat For Workshop Session 




E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform