Containerization and orchestration have dramatically changed the way in which today’s technologies are deployed and managed. Attack and defense techniques require reinvention and security professionals must now acquire the necessary skills to competently protect these environments.
This training is designed for RedTeam and BlueTeam professionals who are looking for practical applied security knowledge on containerization and orchestration from an offensive and defensive point of view. Black Box, Grey Box and White Box analysis are covered on Docker, Docker Swarm and Kubernetes.
From the offensive side, attack techniques related to containers/pods compromising, exploitation, networking abuses, privileges escalation, persistence, lateral movement and node takeover among others will be explained.
On the defensive side, common security issues and a secure way of building Docker images and YAML deployment files for Swarm and Kubernetes will be analyzed. The correct implementation of RBAC access management will be explained, and vulnerability scanners for files and CI/CD pipelines will be presented along with many other best practices.
CPE Credits: Earn 16 CPE (Continuing Professional Education) for attending this training. Please request a confirmation.
Date of Event: 24th/25th November 2020
Time: 9:00 am – 5:00 pm
Participation Fee: CHF 2’490.–
Docker Black Box Analysis:
2.1. Are we inside a container? Recognizing container environments
2.2. Container introspection: named/bind volumes, sensitive data, network configuration and more
2.3. Do we have container neighbors? Scanning docker networks
2.4. Abusing docker networks defaults
2.5. Pivoting: compromising the whole docker environment
2.6. Sorting shell limitations
2.7. Exploiting docker.sock exposure
2.7.a. Inspecting the cluster
2.7.b. Getting a shell inside other containers
2.7.c. Host takeover
2.7.d. Remote exploitation via HTTP
2.8. Persistence techniques
Docker White Box Analysis:
3.1. Inspecting Docker Images
3.1.a. Dockerfile format & commands
3.1.b. Common security issues in Dockerfile
3.1.c. Building secure images
3.1.d. Multi-stage builds
3.1.e. Distroless images
3.2. Inspecting multi-container deployment files
3.2.a. Docker Compose file structure
3.2.b. Common security issues in deployment files
Container orchestration: Docker Swarm & Kubernetes
4.1. Multi-clustering concepts
4.2. Swarm vs Kubernetes
5.1. Nodes & services management
5.2.a. Overlay driver
5.2.b. Ingress network
5.3. Secrets storage
Swarm Black Box Analysis:
6.1. Differences between Docker and Docker Swarm environments from an attacker viewpoint
6.2. Swarm secrets not too secret
6.3. Abusing Swarm networks features
6.4. Pivoting across containers in multi-services & escalated environments
6.5. Pivoting across different Swarm networks: from frontend to backend
6.6. Persistence: Creating backdoored services
Swarm White Box Analysis:
7.1. Inspecting Stack deployment files
7.1.a. Stack files structure
7.1.b. Common security issues in Stack deployment files
8.1. Abstraction layers & components
8.3. Pods management
Kubernetes Black Box Analysis:
9.1. Detecting K8s orchestration from inside containers
9.2. Container introspection: Persistent volumes, secrets, configmaps and more
9.3. Discovering & Scanning pods along the entire cluster
9.4. Pivoting across pods and network namespaces
9.5. Abusing service account tokens
9.5.a. Privilege escalation: compromising the whole K8s cluster
9.6. Persistence techniques
Kubernetes Grey Box Analysis:
10.1. RBAC audit
10.2. Abusing misconfigurations
10.2.a. Information disclosure
10.2.b. Anonymous authentication
10.2.c. Secrets listing
10.2.d. User impersonation
10.2.e. Remote Code Execution
10.3. K8s nodes takeover
10.4. Vulnerability scanners (red-team oriented)
Kubernetes White Box Analysis:
11.1. Inspecting K8s YAML files
11.1.a. Configuration YAML structure
11.1.b. Common security issues in YAML files
11.1.c. RBAC YAML inspection
Kubernetes & Docker defense:
12.1. Containers/Images vulnerability scanners
12.2. On-deploy vulnerability scanners
12.3. Access management
12.4. Network Policies
12.5. Best practices in Kubernetes and Swarm
Lecture vs hands-on:
Time is split roughly 20% lecture and 80% hands-on. The course focuses on the laboratory exercises; the lecture segments cover only the concepts needed to get the most out of the practical work.
Why people should attend this course
The pace of technological change has created an urgent need to deliver fast and flexible changes to every application. Containerization and orchestration play a central role in the technologies that keep products one step ahead of competitors.
RedTeam and BlueTeam members need to acquire and maintain up-to-date knowledge of the techniques for testing the security of Docker Swarm and Kubernetes environments, as well as an understanding of the resources available to keep them as safe as possible. A lack of knowledge about the security of these technologies represents a serious threat to current infrastructure; it is time to start discussing, evaluating and implementing security techniques for these environments.
Who should take this course
What students should have
What students will be provided with
About your trainers
Sheila A. Berta
Sheila A. Berta is an offensive security specialist who started at 12 years old by teaching herself. At the age of 15, she wrote her first book, on web hacking, which was published in several countries. Over the years, Sheila has discovered vulnerabilities in popular web applications and software, and has given courses at universities and private institutes in Argentina.
She specializes in offensive techniques, reverse engineering and exploit writing and is also a developer in ASM (MCU and MPU x86/x64), C/C++, Python and Golang. As an international speaker, she has spoken at important security conferences such as Black Hat Briefings, DEFCON, HITB, Ekoparty, IEEE ArgenCon and others. Sheila currently works as Head of Research at Dreamlab Technologies.
Sol Ozzan has been a Developer, Software Architect, Security Analyst and DevOps technologist for the past four years. She works as a Backend Developer and Security Researcher at Dreamlab Technologies; her previous role was at one of the biggest e-commerce companies in Latin America.
container-based development and deployment, and has dealt with productive environments that handle +30k distributed VMs with ~150k containers that host +2k distributed services that are deployed +3k per day.
When she is not working, she volunteers organizing free security events and trainings for beginners, plays Overwatch or listens to vinyl records.
Cancellations of registration are free of charge until 30 days before the event. Cancellations received after this point will incur 100% of the admission fee, and you will receive an invoice for the respective amount. In any case, however, a substitute delegate may be sent at no additional cost.