Build It – Break It – Fix It: A Kubernetes Story



3 days





Kubernetes only entered the public domain in 2015 and yet has completely changed the landscape of application deployments. With a rapid development model and short-term official support, things are not slowing down. This course aims at bringing you up to speed with the concepts of Kubernetes, focusing on what is modern and what you are likely to see across clusters throughout the real world.

The main takeaway from this course is not just deeper knowledge of how Kubernetes clusters work internally, but more importantly, how to ensure smooth sailing despite the security risks posed by a rapidly changing and developing ecosystem of distributed deployments of containerised applications.


Topics Covered

Build It Section:
Covers the basic principles of Kubernetes without feeling like covering basic principles – by building delegates' own hands-on lab environments in real time

  • Building blocks of K8s
  • Writing YAML deployment files
  • Semi-automated tooling and associated issues
  • Deploying & Configuring locally hosted deployments
  • Deploying & Configuring cloud-managed service based deployments
  • Differences / impacts between available options


Break It Section:
Covers a range of attack chains against the various deployments created in the Build It section, including but very much not limited to:

  • breakouts
  • bypasses
  • enumeration
  • RBAC
  • token stealing
  • service exposure
  • cross-namespace pivoting
  • beyond-the-cluster compromise scenarios


Fix It Section:
Covers a range of defence-in-depth best practices that aim to mitigate the various risks demonstrated in the Break It section

  • distroless containers
  • debugging live containers
  • ephemeral containers
  • industry standard SW stacks
  • runtime monitoring and anomaly detection
  • processing logs/events
  • policy enforcement

Why You Should Take This Course

Kubernetes is gaining more traction, adoption and popularity every year. This course aims to help you get on track or up to date with the latest developments and attacks. We put great emphasis on hands-on labs – not just attack scenarios, but also building a cluster from the ground up and doing so securely. To understand the technology at hand, defence is just as important as offence.

Who Should Attend

  • Kubernetes architects and administrators, Site Reliability Engineers, DevOps engineers, SecOps engineers, System administrators, IT Security professionals, Penetration Testers, Red/Blue/Purple Teamers
  • Or anyone with an interest in attacking and defending Kubernetes environments or container breakouts

Key Learning Objectives

  • Build it - configuring and deploying some likely Kubernetes scenarios, initially with minimal active consideration for secure configuration, just like we're used to seeing in the wild. We deal with some potential issues that arise from several semi-automated setup tools, across deployments ranging from locally hosted through to cloud-managed service based, and the impacts of that decision.

  • Break it - a range of old-school to bleeding-edge attack labs will follow, exposing the flaws in what we built. Topics include, but are not limited to, breakouts, bypasses, enumeration, RBAC, token stealing, service exposure, cross-namespace pivoting, beyond-the-cluster compromise, and much more.

  • Fix it - in-depth defence measures to mitigate the risks demonstrated, including a look at distroless containers, debugging live containers, ephemeral containers, industry standard SW stacks, runtime monitoring and anomaly detection, processing logs/events, and policy enforcement.
Prerequisite Knowledge

The only requirement is that you are comfortable working from the terminal, and are keen and willing to learn and step outside of your comfort zone!

Hardware / Software Requirements

  • A laptop (a Chromebook will be sufficient) with a browser (our labs are hosted in a virtual environment).
  • In case of a virtual delivery, unrestricted Internet access might be necessary (no corporate VPN).

Students will be provided with

  • Full slide deck
  • Handouts with lab walkthroughs
  • 30 days' worth of on-demand lab access (HITB exclusive)

Your Instructor

Ant has always, always, felt a need to understand what makes things tick.

Whether it was pulling apart his toys as a child, first learning to code at around six years old on a BBC Micro in the early 90s, building custom PCs for pocket money as a pre-teen, making websites, or transplanting car engines – he just had to know the “how”, the “why”, and the “could it be made to work differently”.

Sometimes things still work when he’s done with them.

Whilst he may have always been one at heart, Ant finally felt he became a Proper Hacker™ relatively late in life, working as a Security Consultant / Penetration Tester after achieving a BSc (First Class Hons) in Mathematics and Computing as a mature student in 2015. Over the years since, he has held numerous certifications, such as OSCP, CREST CRT, QSTM / CHECK CTM, AWS-SAA/DVA/SCS, and others.

In 2018 Ant was recruited to teach Advanced & Specialist Hacking courses in addition to Penetration Testing and Red Team exercises. He has since built and delivered hands-on training to crowds from just a few to over a hundred people at dozens of leading international conferences, including Black Hat USA/Europe/Asia/SecTor, BruCON, OWASP, NullCon, NorthSec, CPX360 and many others, numerous in-house private deliveries, and countless live online virtual events. He specialises in Enterprise Traditional-, Cloud-, Multi Tenant-, and Cloud Hybrid- Infrastructure Security, Containerization and Container Orchestration.

For as long as he can remember, Martin has felt a fascination with the inner workings of both software and hardware at all levels. He first found work as a Software Developer in 2011, before gaining a BSc (top of the class) in Computer Science in 2016 and then going on to specialise in cyber security, achieving an MSc in Computer Security in 2018.

Since first becoming a Security Consultant, Martin has worked on many interesting and unusual Penetration Testing and Red Team exercises and has earned a number of professional certifications, including OSCP, OSWE, OSEP, CKA, AWS-SAA, and others. Martin specialises in Application Security / Secure Software Development, DevSecOps, Kubernetes Security and Cloud Infrastructure Security. He has authored and delivered training on a wide variety of topics ranging from Cloud and Kubernetes Security, through Digital Forensics and Advanced Application Security, with a particular focus on unusual and niche topics.

With his background in software development and expertise in cyber security, Martin understands how security vulnerabilities can be introduced at every stage of the development lifecycle. He is passionate about combining this knowledge of the two fields when he creates training content.