
Will Kline - Cloud Native Kill Chain - DCTLV2025
Name of Training: Cloud Native Kill Chain
Trainer(s): Will Kline
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,000
Course Description:
Pentesting in the cloud goes beyond basic EC2 exploitation. This course bridges the gap between traditional pentesting skills and modern cloud-native environments. Learn how identity, critical assets, and cloud-native tactics are leveraged to identify vulnerabilities in AWS and Kubernetes environments.
The instructor, a former pentester and current cloud platform architect, shares practical techniques – from bypassing noisy scans to leveraging cloud backends for data exfiltration – used daily in professional settings. Gain actionable skills to elevate your cloud pentesting game.
Course Outline:
Day 1: AWS Security & Data Exfiltration
- Introduction: Cloud Security Fundamentals
- Shared Responsibility Model
- Key Security Concepts
- Understanding Data Exfiltration in the Threat Landscape
- AWS Security Essentials (Data Protection Focus)
- Identity & Access Management (IAM): Best practices, common misconfigurations leading to exfiltration.
- Network Security: Security Groups, NACLs, VPC Segmentation – bypassing and misconfiguration risks.
- Data Exfiltration Techniques: RDS, S3, Other Vectors
- Hands-on Lab: Data Exfiltration & Mitigation
- Detection & Prevention: AWS CloudTrail, Amazon GuardDuty, AWS Macie
- AWS Security Toolbox: Prowler, Awsenum, Scout Suite, WeirdAAL
Day 2: Kubernetes Security Deep Dive
- Introduction to Kubernetes Security:
- Kubernetes Architecture & Security Considerations
- Container Security Overview
- Kubernetes Security Best Practices
- Securing the Container Lifecycle:
- Build: Secure base images, image scanning (Trivy, Clair), multi-stage builds, image signing.
- Deploy: Admission controllers (Pod Security Policies, resource limits), security contexts, secrets management (Kubernetes Secrets, Vault).
- Run: Runtime security tools (Falco), network policies, resource limits.
- Kubernetes Security Vulnerabilities: Container image vulnerabilities, pod security issues, API server vulnerabilities, sidecar abuse, observability tool exploitation.
- Hands-on Lab: Network Policies, Container Scanning, Pod Security Standards, Admission Controllers
- Advanced Topics: Service mesh security (Istio)
- Kubernetes Security Toolbox: kubeaudit, kube-hunter, kubescape
Difficulty Level:
Intermediate
Requirements:
- Linux shell
- Nmap (port scanning in general)
- Containers
- TCP/IP networks
Suggested Prerequisites:
N/A
What Students Should Bring:
Laptop with kubectl, aws-cli, and python3 installed. The training material has been tested with the latest macOS and Fedora Linux, but most modern operating systems should work.
Trainer(s) Bio:
Will's a Technical Director at Dark Wolf Solutions, where he spends his time wrangling DevOps and cybersecurity. He's a DEF CON addict and loves CTFs – his team once snagged a Black Badge at the IoT! He's also been known to geek out about Kubernetes vulnerabilities and is stoked to share what he's learned.
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.