2-DAY TRAINING 3 – From Zero to Hero: Pentesting and Securitization of Docker Swarm & Kubernetes Environments

CAPACITY: 15 pax

This training is designed for RedTeam and BlueTeam professionals who are looking for practical applied security knowledge on containerisation and orchestration from an offensive and defensive point of view. Black Box, Grey Box and White Box analysis are covered on Docker, Docker Swarm and Kubernetes.

From the offensive side, attack techniques related to container/pod compromise, exploitation, network abuse, privilege escalation, persistence, lateral movement and node takeover, among others, will be explained.

On the defensive side, common security issues and a secure way of building Docker images and YML deployment files for Swarm and Kubernetes will be analyzed, the correct implementation of RBAC access management will be explained, and vulnerability scanners for files and CI/CD pipelines will be presented along with other best practices.

Key Learning Objectives

  • Understanding of how Docker, Swarm and Kubernetes work, from local to production environments.
  • Black, grey and white box analysis of Docker, Swarm and Kubernetes with applied offensive techniques.
  • Docker Swarm and Kubernetes securitization.

Who Should Attend

  • Offensive security professionals
  • Cloud security professionals
  • Systems Architects
  • Security Analysts
  • Anyone interested in learning more about common issues in containerisation, container orchestrators and their security concerns

Prerequisite Knowledge

  • Linux basics (including bash and filesystems)
  • Networking basics
  • Pentesting experience (not required)

Hardware / Software Requirements

  • Laptop with at least 8GB RAM and 40GB free disk space
  • Admin/Root access on your laptop
  • VirtualBox installed

Agenda – Day 1:

Docker Fundamentals

  • Architecture
  • Containers
  • Images
  • Networking
  • Volumes

Docker Black Box Analysis:

  • Are we inside a container? Recognizing container environments
  • Container introspection: named/bind volumes, sensitive data, network configuration and more
  • Do we have container neighbors? Scanning docker networks
  • Abusing docker networks defaults
  • Pivoting: compromising the whole docker environment
  • Sorting out shell limitations
  • Exploiting docker.sock exposure
  • Persistence techniques

Docker White Box Analysis:

  • Inspecting Docker Images
    • Dockerfile format & commands
    • Common security issues in Dockerfile
    • Building secure images
  • Inspecting multi-container deployment files
    • Docker Compose file structure
    • Common security issues in deployment files

Container orchestration: Docker Swarm & Kubernetes

  • Multi-clustering concepts
  • Swarm vs Kubernetes

Swarm Fundamentals

  • Nodes & services management
  • Networking
    • Overlay driver
    • Ingress network
  • Secrets storage

Swarm Black Box Analysis:

  • Differences between Docker and Docker Swarm environments from an attacker viewpoint
  • Swarm secrets not too secret
  • Abusing Swarm networks features
  • Pivoting across containers in multi-service & scaled environments
  • Pivoting across different Swarm networks: from frontend to backend
  • Persistence: Creating backdoored services

Swarm White Box Analysis:

  • Inspecting Stack deployment files
    • Stack files structure
    • Common security issues in Stack deployment files

Agenda – Day 2:

Kubernetes Fundamentals

  • Abstraction layers & components
  • Networking, Services & Namespaces
  • Pods management

Kubernetes Black Box Analysis:

  • Detecting K8s orchestration from inside containers
  • Container introspection (Persistent volumes, secrets and more)
  • Discovering & scanning pods across the entire cluster
  • Pivoting across pods and network namespaces
  • Abusing service account tokens
    • Privilege escalation: compromising the whole K8s cluster.
  • Persistence techniques

Kubernetes Grey Box Analysis:

  • RBAC audit
  • Abusing misconfigurations
    • Information disclosure
    • Anonymous authentication
    • Secrets listing
    • User impersonation
    • Remote Code Execution
  • K8s nodes takeover
  • Vulnerability scanners (red-team oriented)

Kubernetes White Box Analysis:

  • Inspecting K8s YAML files
    • Configuration YAML structure
    • Common security issues in YAML files
    • RBAC YAML inspection

Kubernetes & Docker defense:

  • Container/image vulnerability scanners
  • On-deploy vulnerability scanners
  • K8s Access management
  • Best practices in Kubernetes and Swarm

Location: Training Rooms
Date: July 20, 2020
Time: 9:00 am - 6:00 pm
Trainers: Sheila A. Berta, Sol Ozzan