Madhu Akula - A Practical Approach to Breaking & Pwning Kubernetes Clusters - DCTLV2025
Name of Training: A Practical Approach to Breaking & Pwning Kubernetes Clusters
Trainer(s): Madhu Akula
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,600
Course Description:
The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.
By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.
Course Outline:
Section-1:
-
Kubernetes 101 - Fasttrack Edition
-
Security Architecture review & Attack Trees using MITRE ATT&CK framework
-
`kubectl` kung-fu to explore the cluster
-
Attacking the supply chain by exploiting private registry
-
Pwning the container images and gaining access to the cluster
-
Exploiting security misconfigurations in the cluster
Section-2:
-
Escaping out of the container to the host system to gain more privileges
-
Bypassing NSP and gaining unauthorized access to other microservices
-
Lateral movement from container to node and then complete cluster access
-
Escalating from ServiceAccount to more RBAC privileges (No least privileges)
-
Helm with Tiller service = ClusterPwn (Complete cluster takeover)
-
Gaining access to k8s volumes, logs of the services, and sensitive data
-
From application vulnerability to cloud provider access (attack chain)
Section-3:
-
Hacker Container - The Swiss Army knife for hacking Kubernetes Clusters
-
Exploiting Kubernetes Secrets and gaining access to third-party services
-
DoS the services and cluster nodes by resources exemption
-
Understanding Admission controller and possible attack surface around Webhooks
-
Persisting in the clusters using Sidecar/Cronjob/DaemonSets
-
Defense evasion techniques for Kubernetes Cluster environments
-
Some useful hacks around `kubectl` (cheatsheet will be provided)
Section-4:
-
Tools, and techniques beyond manual exploitation and analysis
-
KubeAudit, KubeSec, popeye, trivy, dockle, rakkess, linters, and many others...
-
Performing Docker & K8S CIS benchmarks to find all the possible security risks
-
Auditing the cluster security posture from Code to Production running cluster
-
Real-World case studies of Kubernetes Hacking, Vulnerabilities, and Exploits
-
Best practices, Recommendations based on the Security Maturity
-
Resources & references to further your attacks, exploitation, more learning
Difficulty Level:
Intermediate
-
Able to use Linux CLI
-
Basic understanding of system administration
-
Experience with Docker and Containers ecosystem would be useful
-
Security Experience would be plus
Suggested Prerequisites:
My DEFCON 26 workshop on Attacking & Auditing Docker Containers Using Open Source tools and its video available at https://www.youtube.com/watch?v=ru7GicI5iyI
What Students Should Bring:
Students will need a laptop with Wi-Fi capability.
I will be providing students with
-
Custom built Kubernetes Cluster environment (everyone gets their own)
-
Step by Step Digital Guide book for the entire training
-
Kubectl cheatsheet, Checklist of tools, and other resources
Trainer(s) Bio:
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]