Hacking and Securing Kubernetes Clusters

Name: Hacking and Securing Kubernetes Clusters
Rating: 4.3 (44 reviews)

Learn how to attack and defend kubernetes clusters

Created byThe Offensive Labs, Srinivas .

Last updated 8/2024

English

What you'll learn

Students will learn different kubernetes components
Students will learn fundamentals of role based access controls in Kubernetes
Students will learn how service accounts work in Kubernetes
Students will learn the basics of Roles, Role Bindings, Cluster Roles, Cluster Role Bindings
Students will understand the Kubernetes Attack Surface
Students will learn how a misconfigured Kubernetes Cluster can be exploited by attackers
Students will learn how to attack the API Server using insecure port
Students will learn how to attack a misconfigured Kubelet API
Students will learn how ETCD storage works
Students will learn how exposed Kubernetes Dashboard can be abused
Students will learn how to perform Static Analysis of YAML files using Kube-audit
Students will learn how to perform Static Analysis using Kubesec
Students will learn how to perform Security Assessments using Kube-hunter
Students will learn how to audit clusters using Kube-bench
Students will learn how to scan Docker images using trivy
Students will learn how to implement network policies
Students will learn how to use Kubernetes Security Context to prevent attacks

Course content

6 sections • 47 lectures • 4h 2m total length

Course Introduction1:22

What is Kubernetes2:00
Fundamentals of Kubernetes0:25
Required Virtual Machine Downloads3:13
Instructor's Lab setup1:48
The instructor demonstrates a three-node Kubernetes lab setup, detailing RAM configuration and a naming convention (master, worker one, Gartley), with machines left fresh for installation.
Downloadable files for lab setup0:02
Setting up a Kubernetes Cluster11:43
Set up a Kubernetes cluster on virtual machines with a bridge adapter. Install Docker, initialize the master node, deploy a CNI like Flannel, and join the worker node.
Lab set up on Ubuntu 24.04 - Updated in August 20240:12
Verify the setup0:45
Common Kubernetes Terms5:44
Understanding various Kubernetes components5:38
Deploying the vulnerable Application13:54
An introduction to Kubectl8:22

Introduction0:52
Kubernetes Attack Surface4:05
Role Based Access Controls - Part 14:19
Role Based Access Controls - Part 211:16
Role Based Access Controls - Part 38:29
Create a cluster role and cluster role binding to let a service account list parts across the cluster beyond a single namespace, demonstrating cross-namespace access and pen testing setup.
Misconfiguring our cluster3:38
Getting started with pentesting a Kubernetes cluster- NMAP2:14
Initial foot hold through Remote Command Execution7:10
Post Exploitation - Enumeration3:15
Post Exploitation - More Enumeration6:49
Post Exploitation - Interacting with containers in the cluster5:51
Demonstrate post exploitation in a Kubernetes cluster by downloading the cube control binary, enumerating parts, nodes, and services, then obtaining shells and accessing API and web app source code.
Getting access to the underlying host - Compromising the worker node5:58
Getting access to the underlying host - Compromising the master node4:01
Full cluster compromise - Summary of the attack1:00
Misconfiguring and Attacking the API Server10:31
Misconfiguring and Attacking the Kubelet API9:31
Learn how exposing the Kubelik API with anonymous authentication enables remote code execution and information disclosure, risking full cluster compromise on Kubernetes.
Exploring and abusing etcd storage12:04
Misconfiguring and Attacking exposed Kubernetes Dashboards13:15

Introduction1:25
Limiting Network Exposure1:45
Use of Authorization4:20
Introduction to Secrets2:01
Introduction to Admission Controllers2:54
Implementing Network Policies to limit the attack surface10:58
Using Security Context to harden the containers14:18
Learn to harden Kubernetes containers with security context, applying non-root user accounts, read-only file systems, and dropped capabilities at the pod level.
Hardening using Apparmor profiles6:30
Hardening using Seccomp profiles4:06
Apply seccomp profiles to restrict specific syscalls in containers, using a kernel feature as a firewall to harden Kubernetes workloads.

Requirements

The course begins from basics
Its good to have Docker knowledge

Description

Kubernetes security, to some people is a complex subject because of the overwhelming jargon and the complex setup it requires to have a multi node cluster especially when you are doing it for the first time. The goal of this Course is to make things clearer and easier for those who are new to Kubernetes and Kubernetes security world.

Who this course is for:

Security Professionals who are into Kubernetes
Cloud Engineers
Devops Professionals
Penetration testers
Red team members
Anyone who is interested in ethical hacking and penetration testing
Anyone who is interested in information security concepts

Hacking and Securing Kubernetes Clusters

What you'll learn

Explore related topics

Course content

Course Introduction1 lecture • 1min

Kubernetes Fundamentals12 lectures • 54min

Hacking Kubernetes18 lectures • 1hr 54min

Automated Assesments6 lectures • 25min

Defenses9 lectures • 48min

Bonus Section1 lecture • 1min

Requirements

Description

Who this course is for: