Container Infrastructure Analysis with kube-hunter
Want to learn how to analyze (and prevent) security weaknesses in Kubernetes? If so, you're in the right place! In this course, you will learn Container Infrastructure Analysis with kube-hunter.
What you'll learn
“Common” Kubernetes (K8s) hardening suggests a focus on the control plane. But what if a cluster could be backdoored through the kubelet? In this course, Container Infrastructure Analysis with kube-hunter, we will use kube-hunter to investigate a K8s attack. First, you will use kube-hunter to enumerate security weaknesses in a K8s cluster. Second, you’ll use kube-hunter findings (i.e., a discovered kubelet endpoint) to investigate privilege escalation. Third, you’ll leverage the privilege escalation findings to detect a persistence method (i.e., a malicious container image) through Trivy . Fourth, you’ll harden K8s so the aforementioned attack can’t occur again! When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: System Services (T1569), Exploitation for Privilege Escalation (T1068), and Implant Container Image (T1525).
Table of contents
- Version Check 0m
- What Is kube-hunter? 4m
- Cybersecurity Frameworks 3m
- Demo Environment Overview 3m
- Demo Environment Installation 3m
- Demo 1: Scanning a Kubernetes Cluster 5m
- Demo 2: nmap and /pods Scan 3m
- Demo 2: Recap 2m
- Demo 2: Credential Scan 5m
- Demo 3: Trivy and Docker History 3m
- Demo 4: Kubernetes Hardening 3m
- Demo 4: Modifying the Pod Security Policy 2m
- Demo 4: Applying the Pod Security Policy 2m
Course FAQ
kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It is designed to increase awareness and visibilty of the security controls in Kubernetes enviroments.
In this cyber security course you will learn how to use kube-hunter and Pod Security Policies to search for and prevent Kubernetes threats.
Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management.
Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The policy defines a set of conditions that a pod must run with in order to be accepted into the system.
Trivy is an easy-to-use and comprehensive and open source vulnerability scanner for container images.
About the author
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy... more