Overview
DELIVERY: VIRTUAL LIVE STREAM
DATE: 3-4 February 2021
TIME: 09:00 to 17:00 CET/GMT+1
| Date | Day | Time | Duration |
| 3 February | Wednesday | 0900-17:00 CET/GMT +1 | 8 Hours |
| 4 February | Thursday | 0900-17:00 CET/GMT +1 | 8 Hours |
(Course timing not suitable? Let us know!)
1:1 call with trainers to help secure your infrastructure!
Containerization and orchestration have dramatically changed the way in which today’s technologies are deployed and managed. Attack and defense techniques require reinvention and security professionals must now acquire the necessary skills to competently protect these environments.
This training is designed for RedTeam and BlueTeam professionals who are looking for practical applied security knowledge on containerization and orchestration from an offensive and defensive point of view. Black Box, Grey Box and White Box analysis are covered on Docker, Docker Swarm and Kubernetes.
From the offensive side, attack techniques related to containers/pods compromising, exploitation, networking abuses, privileges escalation, persistence, lateral movement and node takeover among others will be explained.
On the defensive side, it will be analyzed the common security issues and a secure way of building docker images and YAML deployment files for Swarm and Kubernetes, the right implementation of RBAC access management and vulnerability scanners on files and CI/CD pipelines will also be presented with many other best practices.
Key Learning Objectives
- Understanding of how Docker, Swarm and Kubernetes work from local to productive environments.
- Black, grey and white box analysis of Docker, Swarm and Kubernetes with applied offensive techniques.
- Docker Swarm and Kubernetes securitization.
Who Should Attend
- Offensive security professionals
- Cloud security professionals
- Systems Architects
- Security Analysts
Anyone interested in learning more about common issues over containerisation, containers orchestrators and their security concerns
Prerequisite Knowledge
- Linux basics (including bash and filesystems)
- Networking basics
- Pentesting experience (not required)
Hardware / Software Requirements
- Laptop with at least 8GB RAM and 40GB free disk space
- Admin/Root access on your laptop
- VirtualBox installed
Agenda
Expand AllDocker Fundamentals
• Architecture
• Containers
• Images
• Networking
• Volumes
Docker Black Box Analysis
• Recognizing container environments
• Container introspection: named/bind volumes, sensitive data and more
• Scanning docker networks
• Abusing docker networks defaults
• Pivoting: compromising the whole docker environment
• Sorting shell limitations
• Abusing privileged containers
• Abusing docker.sock exposure
• Abusing Docker API exposure
• Abusing Docker Registry API exposure
Docker White Box Analysis
• Dockerfile inspection
• Distroless and Multi-stage builds
• USER command
• Docker compose files inspection
Docker Daemon and Containers Defence
• Daemon rootless mode
• Securing docker socket and API
• Kernel capabilities
• SystemCall restriction
• Mandatory Access Control
• UID & GID management
• User-namespace remapping
• Control Groups
Swarm Fundamentals
• Nodes & services management
• Networking
Swarm Black Box Analysis
• Differences between Docker and Docker Swarm
• Dump Swarm Secrets and Configs
• Abusing Swarm networks features
• Pivoting across containers in multi-services & escalated environments
• Pivoting across different Swarm networks: from frontend to backend
• Persistence: Creating backdoored services
Swarm White Box Analysis
• Stack files inspection
• Developing secure stack files
Swarm Defence
• Networks isolation
• Network traffic encryption
• Swarm secrets
• Raft-logs key encryption
Kubernetes Fundamentals
• Architecture and Components
• Pods management
• Networking
Kubernetes Black Box Analysis
• Detecting kubernetes orchestration from inside containers
• Container introspection: Persistent volumes, secrets, configmaps and more
• Discovering & Scanning pods along the entire cluster
• Pivoting across pods and namespaces
• Abusing Service Account Token
• Abusing Kube API exposed
• Abusing Kubelet API exposed
Kubernetes Grey Box Analysis
• Cluster inspection
• Services scanning
• RBAC audit
• Abusing impersonation
• Token bruteforce
• Backdoors and node takeover
Kubernetes White Box Analysis
• YAML inspection
• Kubernetes Secrets
• RBAC inspection
Kubernetes Defence
• Securing kubernetes’ components communication
• API Authentication
• API Authorization
• Security Context and Policies
• Network Policies
Other Protection Measures
• Containers/Images vulnerability scanners
• On-deploy vulnerability scanners