Madhu Akula - The Kubernetes Battleground: Mastering Attack and Defense in Cloud-Native Clusters $2,600 June 2025

DESCRIPTION: Kubernetes has become the defacto of modern cloud-native infrastructure, driving over 80% of production deployments globally (CNCF 2024 survey). Its adoption exposes organizations to evolving attack vectors, from supply chain vulnerabilities to runtime exploitation. Security teams often lack the skills to defend these complex, dynamic environments.

In this advanced training, participants will explore the perspectives of attackers and defenders via hands-on labs, real-world scenarios, and actionable insights. You'll master techniques to exploit Kubernetes environments and deploy robust defenses. By understanding both sides of the battlefield, participants will gain an unparalleled edge in securing Kubernetes clusters while learning how attackers exploit weaknesses.

THINGS YOU’LL LEARN:

• Exploit Kubernetes clusters by targeting infrastructure, workloads, and cloud integrations.

• Secure clusters using tools, benchmarks, and frameworks like MITRE ATT&CK for Containers.

• Build proactive defenses and respond effectively to modern attack patterns.

• By the end of this training, participants will confidently execute red team engagements and strengthen Kubernetes defenses. A comprehensive digital guide will be provided to extend your learning journey.

YOU’LL PARTICIPATE IN:

Overview

Section 1: Foundations of Kubernetes Security (Offense Meets Defense)

• Kubernetes Core Architecture: A fast-track dive into Kubernetes components, focusing on their attack surfaces and security implications.
• Reconnaissance and Enumeration: Advanced techniques with kubectl and custom tools for stealth cluster exploration.
• MITRE ATT&CK and D3FEND: Mapping Kubernetes attack chains to the ATT&CK and D3FEND frameworks for actionable understanding.
• Supply Chain Exploitation:
• Offensive: Compromising CI/CD pipelines, poisoning private registries, and tampering with images.
• Defensive: Image scanning, signed images, and securing CI/CD pipelines with tools like Tekton, Argo, etc..
• Exploiting Cluster Misconfigurations:
• Offensive: Privilege escalation through insecure RBAC, NodePorts, and overly permissive network policies.
• Defensive: Auditing RBAC, enabling Pod Security Standards, and hardening defaults.

Section 2: Runtime Attacks and Defense

• Container Escapes:
• Offensive: Exploiting container vulnerabilities to escape to the host and other nodes.
• Defensive: Securing container runtimes and employing tools like container runtimes and security isolation.
• Network Policy Bypasses:
• Offensive: Breaking poorly designed network segmentation for lateral movement.
• Defensive: Writing robust NetworkPolicies with Calico or Cilium.
• ServiceAccount Exploitation:
• Offensive: Escalating from low-privilege ServiceAccounts to cluster-wide access.
• Defensive: Auditing token usage, disabling token automounting, and employing OPA Gatekeeper policies.
• Helm and Tiller Legacy Exploits:
• Offensive: Gaining cluster control through unsecured Tiller services.
• Defensive: Securing Helm configurations and disabling outdated components.

Section 3: Persistent Threats and Defense Evasion

• Persistence Mechanisms:
• Offensive: Leveraging Sidecars, CronJobs, and DaemonSets for stealth backdoors.
• Defensive: Auditing workloads and monitoring for anomalous resource deployments.
• Secrets Management:
• Offensive: Exploiting misconfigured secrets to access sensitive data.
• Defensive: Leveraging external secrets management tools like Vault, and encrypting secrets at rest.
• Admission Controller Exploitation:
• Offensive: Identifying vulnerabilities in validating/mutating webhooks.
• Defensive: Hardening admission controllers and enabling webhook configurations.
• Evasion Tactics:
• Offensive: Avoiding detection by obfuscating kubectl actions, using ephemeral containers, and abusing logs.
• Defensive: Implementing audit policies, enabling full logging, and integrating SIEM solutions.

Section 4: Hardening Kubernetes Clusters

• Security Posture Management:
• Offensive: Identifying gaps in cluster configuration through automated and manual methods.
• Defensive: Tools like Kubeaudit, Kubescape, KICS, and Trivy to assess and remediate risks.
• CIS Benchmarks: Conducting comprehensive security assessments based on Kubernetes CIS benchmarks.
• Pod Security Standards (PSS): Implementing the PSS to enforce granular security settings.
• Auditing and Monitoring:
• Offensive: Exploiting blind spots in logging and monitoring.
• Defensive: Using eBPF tools like Cilium Tetragon & Falco, Prometheus, and Grafana for real-time threat detection.
• Defense-in-Depth Strategies: Proactively securing the supply chain, infrastructure, and runtime environments.

Section 5: Real-World Exploits and Defense Playbooks

• Case Studies: Recent Kubernetes CVEs, exploits, and lessons learned from real-world attacks.
• Incident Response for Kubernetes: Building response workflows for detecting and mitigating active threats.
• Proactive Threat Modeling: Leveraging attack trees and simulations for continuous improvement.
• Resources and Tools:
• Offensive: Custom-built tools, payloads, and techniques for Kubernetes exploitation.
• Defensive: Open-source tools like KubeArmor, Kyverno, etc for policy enforcement.
• Learning Beyond Training: A curated guide for further exploration, including community projects and research papers.

THIS COURSE IS BENEFICIAL FOR:

• DevOps Engineer
• Full Stack Developer
• Site Reliability Engineer

TECHNICAL DIFFICULTY: INTERMEDIATE

STUDENT REQUIREMENTS: My DEFCON 26 workshop on Attacking & Auditing Docker Containers Using Open Source tools and its video available at https://www.youtube.com/watch?v=ru7GicI5iyI

• Able to use Linux CLI
• Basic understanding of system administration
• Experience with Docker and Containers ecosystem

WHAT SHOULD STUDENTS BRING: A laptop with 16gb of RAM.

WHAT STUDENTS WILL BE PROVIDED WITH:

• Custom built Kubernetes Cluster environment (everyone gets their own). All the lab files will be provided with you for lifetime access.
• Step by Step Digital Guide book for the entire training and bonus content.
• 30-days access to private slack channel for questions and discussions.
• Kubectl cheat sheet, Checklist of tools, and other valuable resources.

TRAINER BIO: Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience.

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s.

• 16 hours of training with a Certificate of Completion
• At the end of training, Madhu offers a test to earn a Certificate of Proficiency (+$400.00)
• Boxed lunch
• 2 coffee breaks per day & snack

Registration terms and conditions:
Trainings are refundable before May 5th, 2025 the processing fee is $250.
Trainings are non-refundable after May 16th, 2025.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.