Kubernetes Hacking For Beginners
Published 1/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 245.49 MB | Duration: 0h 40m
The ultimate guide to learn how to run a pentest on a Kubernetes environment
What you'll learn
Understand the fundamental security concepts in Kubernetes architecture
Identify common security risks and vulnerabilities in Kubernetes deployments, such as exposed dashboards, default configurations, and common misconfigurations
Recognize and explain basic Kubernetes security best practices, including the principle of least privilege and namespace isolation
Identify attack scenarios, define a scope, and create a testing plan
Requirements
Basic security principles and pentesting
Description
This comprehensive course bridges the gap between Kubernetes fundamentals and security testing, designed for security enthusiasts and penetration testers who want to expand their skillset into cloud-native environments. You'll learn how to identify, assess, and exploit security vulnerabilities in Kubernetes clusters through hands-on exercises and practical scenarios.
The course begins with essential Kubernetes concepts, including pods, services, deployments, and networking, providing you with the foundational knowledge needed to understand the attack surface. You'll learn how to set up your own testing environment using tools like Minikube or Kind, ensuring you can practice safely and independently.
As you progress, you'll discover common misconfigurations and security weaknesses in Kubernetes deployments, such as:
Exposed Kubernetes dashboards and API servers
Misconfigured RBAC permissions
Container escape techniques
Secrets management vulnerabilities
Network policy gaps
The course emphasizes practical skills with guided laboratories where you'll learn to:
Use security assessment tools specific to Kubernetes environments
Perform reconnaissance on cluster components
Exploit service account tokens and credentials
Escalate privileges within the cluster
Move laterally between namespaces and pods
Identify and exploit vulnerable workloads
Special attention is given to defensive considerations, helping you understand how to document findings and provide actionable remediation advice. By the end of the course, you'll have the skills to independently conduct security assessments of Kubernetes clusters and provide valuable insights for hardening these environments.
Prerequisites include basic familiarity with Linux commands and container concepts. All necessary tools and techniques will be thoroughly explained, making this course accessible to security practitioners beginning their journey into container orchestration security.
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: K8S key components
Lecture 2 K8S Architecture - Objects
Lecture 3 Demo Architecture
Lecture 4 Networking
Lecture 5 Security
Section 3: Pentest preparation
Lecture 6 Define your scope and identify threats
Section 4: Pentest Execution
Lecture 7 Discovery / Enumeration
Lecture 8 Exploitation Demo
Lecture 9 Persistence
Section 5: Conclusion
Lecture 10 Recap
Any security actor curious about security in Kubernetes, or pentesters who want to develop their skills on Kubernetes