Kubernetes Intrusion Tactics Junior - 2 days
Description
Kubernetes is now an omnipresent technology in modern infrastructures. Used to automate deployment, scaling and management of applications, it has become a cornerstone of DevOps and cloud-native environments. Its complexity and the diversity of its components nevertheless create a rich and often poorly understood attack surface, exposing organizations to new types of vulnerabilities and compromises.
During this two-day course, participants will discover Kubernetes internals and learn how to exploit its weaknesses from an offensive perspective. From component enumeration to container escapes, including privilege escalation and lateral movement, the course combines theory and hands-on practice on a vulnerable cluster. It is aimed at auditors, red teamers and security teams who want to understand the concrete risks related to Kubernetes and strengthen the security of their environments.
- 2 days (14 hours)
- Full course module and individual practice environment
- 30% theory / 70% practice
Public and prerequisites
This course is suitable for participants with offensive security fundamentals but no prior Kubernetes experience. It is primarily intended for pentesters, system administrators, security architects and developers, and is also appropriate for any technical profile seeking to add a security-focused specialization to their career.
- Pentesters
- System administrators
- Security architects
- Developers
Good networking and Unix knowledge is recommended.
Content
Day 1
Architecture and attack surface: container fundamentals (Docker, OCI), Kubernetes components (API Server, etcd, Scheduler, Controller Manager, kubelet), typical cluster topology (control plane, worker nodes), internal and exposed services (kube-proxy, dashboard, external APIs), networking concepts (ingress, pod-to-pod, CNI, policies). Initial interactions: reconnaissance, authentication (passwords, certificates, tokens) and authorization (node, ABAC, RBAC, WebHook), use of the kubectl CLI.
Day 2
Advanced concepts: pod templates and controllers, escapes (namespaces, PSP, PSA), lateral movement. Practical exercises and realistic scenarios: exploitation of a vulnerable cluster.