Kubernetes Crusade: Deep Dive into Attacks, Defense & Mitigations

Objectives of Training:

This is a three-day, hands-on introduction to Kubernetes security for real environments. Training starts with container and Kubernetes fundamentals, builds a working kind cluster with Cilium, and learn how core components behave under normal and unsafe configurations. Then practice with Docker layers, Dive based secret discovery, namespaces and cgroups, then cover authn and authz, Services, kubectl workflows, Helm basics, and deploy a sample app you will attack and later harden Day two focuses on offense and the OWASP Kubernetes Top 10. Next is to enumerate clusters from outside and inside, exploit a vulnerable app, and abuse weak RBAC. Run test on host namespaces, hostPath mounts, privileged pods, and Docker socket exposure. Try to reproduce common misconfigurations, including a lax API server and a public dashboard. Then pull from and test a private registry and backdoor images. Also run automated analysis with Kubernetes RBAC audit, Kubescape, kube-bench, kube-hunter, and Checkov. Day three focuses on defense and supply chain security. You enforce network policies, implement least privilege RBAC, and secure secrets with native objects and Sealed Secrets. Then bring up Kyverno for admission control. You harden workloads with security Context and distroless images and scan with Clair. You add Istio and verify service-to-service mTLS. Also generate SBOMs with Syft and Grype and with the Docker SBOM plugin. Secure CI and CD with Tekton Chains and verify SLSA provenance using x509 keys. Then complete the training by threat modelling GitOps on Argo CD and then validating the report with an open-source report.