< NULLCON 2025 - GOA />
Training Registration
Sponsors Venue CFP
GO BACK
Madhu Akula
Register
Training Objectives Training Outlines WHAT TO BRING? Training PREREQUISITE WHO SHOULD ATTEND? WHAT TO EXPECT? WHAT ATTENDEES WILL GET? WHAT NOT TO EXPECT? ABOUT THE TRAINER
< Training Title />
Blocking the Storm: A Hands-On Guide to Hardening and Securing Kubernetes Clusters
< Training Schedule />
Start Date: Feb 26, 2025
End Date: Feb 28, 2025
< Training Venue />
Venue: TBA
< Training Objectives />
In this training, we will observe attack patterns and offensive tactics in the Kubernetes ecosystem. As we learn from these insights, our focus will shift to building defenses, hardening, and implementing security best practices across the layers of a Kubernetes cluster. We'll leverage a variety of open-source tools and apply battle-tested methods to secure and safeguard cluster environments. Additionally, we'll use real-world attacks to validate our security measures, demonstrating how our guardrails can detect and prevent them. This is a hands-on training that focuses on hardening and constructing security guardrails at multiple layers of Kubernetes, including native RBAC policies, Network Security Policies (NSP), audit logging, and advanced tools like Kyverno, OPA, and eBPF utilities such as Tetragon, etc.
< Training Level />
Intermediate - Advanced
< Training Outlines />
- Kubernetes 101: Fast-Track Introduction
- Introduction to Kubernetes Security Posture Management
- Understanding the Threat Landscape in Kubernetes Environments
- Leveraging MITRE ATT&CK Matrix and D3FEND for Kubernetes
- Threat Modeling Kubernetes and Its Core Components
- Offensive Tactics in Kubernetes: Real-World Attack Scenarios
- Analyzing Attack Patterns and Vulnerabilities in Common Kubernetes Setups
- Layered Security Model for Kubernetes: A Comprehensive Approach
- Implementing Defense-in-Depth with Kubernetes Native Security Mechanisms (RBAC, NSP, etc.)
- Establishing Security Guardrails: Automation and Policy Enforcement
- Policy Enforcement with Open Policy Agent (OPA) and Kyverno
- Enhancing Supply Chain Security with the SLSA Framework
- Infrastructure Hardening and Scanning Using Infrastructure-as-Code (IaC) Tools
- Continuous Improvement through Audit Logging and Monitoring
- Runtime Security and Detection Engineering with eBPF-Powered Tetragon
- Validating Security: Testing and Strengthening Defenses
- Conducting Compliance Audits and Security Benchmarking with CIS Benchmarks and Open-Source Tools (Kubescape, KICS, Checkov, etc.)
- Further Learning: Resources and References
< WHAT TO BRING? />
- Laptop with a modern browser, and wireless internet connectivity
< Training PREREQUISITE />
- Able to use Linux CLI
- Basic understanding of Containers, Kubernetes
- Security Experience would be a plus
< WHO SHOULD ATTEND? />
- Blue Teams, Defenders, and Security Engineers
- DevOps, Cloud, SRE, and Platform Teams
- Security and Solutions Architects, Kubernetes Administrators
- Anyone Interested in Learning Defensive Strategies for Kubernetes and Containerized Environments
< WHAT TO EXPECT? />
- Hands-on Expertise in Kubernetes Defense: Students will gain practical, real-world experience in securing Kubernetes environments by implementing hardening techniques, conducting blue team exercises, and performing security assessments to reinforce defense mechanisms against common attacks in containerized environments.
- Advanced Defense Techniques and Vulnerability Mitigation: The course will teach students how to go beyond basic defenses by using defense-in-depth strategies, mitigating complex attack chains, and addressing security risks such as privilege escalation, lateral movement, persistence, and defense evasion through Kubernetes-native tools and configurations.
- Comprehensive Defensive Learning Resources: Participants will receive a complete digital guidebook, hands-on labs, and additional resources designed to strengthen their understanding of defensive strategies and enable continued security improvement and study beyond the course.
< WHAT ATTENDEES WILL GET? />
- Dedicated Kubernetes Cluster Environment: Each participant receives a custom-built Kubernetes cluster to work with throughout the training.
- Lifetime Access to Lab Files and Setup: Participants will have all lab files and instructions to reproduce the training environment in their own setup, with lifetime access.
- Comprehensive Step-by-Step Digital Guidebook: A detailed guidebook covering the entire training will be provided for easy reference.
- 30-Day Access to Private Slack Channel: Participants can join a private Slack channel for 30 days to ask questions and engage in discussions.
- Kubectl Cheatsheet, Tool Checklist, and Additional Resources: Participants will receive a handy kubectl cheatsheet, a checklist of essential tools, and other valuable resources.
< WHAT NOT TO EXPECT? />
Basics and things already mentioned to be familiar with as this course requires an understanding of Linux CLI & k8s.
< About the Trainer />
Madhu Akula is a pragmatic security leader specializing in product security and cloud-native security. I have created several open-source projects, including Kubernetes Goat, Hacker Container, and tldr.run. I am a frequent speaker and trainer at prestigious events and conferences such as DEFCON, Black Hat, SANS, USENIX, OWASP, Nullcon, All Day DevOps, DevSecCon, and many others. My research has uncovered over 200 vulnerabilities in products and organizations, including Google, Microsoft, AT&T, NTOP, Adobe, WordPress, and GitLab. I am the published author of _Security Automation with Ansible 2_ and a technical reviewer for various books and conferences. I actively contribute to communities like All Day DevOps, Snyk, null, AWS, OWASP, and more. Additionally, I advise startups on building exceptional products and communities, helping them add significant value along the way