Contact Details

Hacking and Cyber Security Briefing

Manu Zacharia
+91-98470-96355

Thomas Kurian Ambattu
+91-94470-22081

Akash Joseph Thomas
+91-94974-65363

WS - 4

Container Security for Red and Blue Teams


Workshop Objective:

An organization using microservices, or any other distributed architecture, relies heavily on containers and orchestration engines such as Kubernetes, so the security of that infrastructure is paramount to its business operations. This workshop will focus on how attackers break into Docker containers and Kubernetes clusters to gain access and then escalate privileges to the underlying infrastructure by abusing misconfigurations and application security vulnerabilities. Then, as a blue team, we will see how to leverage automation at multiple layers (infrastructure security, supply chain security and runtime security) to protect against these container security attacks. At the end of the workshop we will verify the security of the cloud native infrastructure by performing an automated security scan against the CIS Benchmarks for both Docker and Kubernetes.

By the end of the workshop participants will be able to identify and exploit vulnerabilities in applications running in containers inside Kubernetes clusters. The key takeaway for the audience will be learning from these scenarios how to assess their own environments and fix them before attackers gain control of their infrastructure. The trainer will share examples of real-world security issues found in penetration testing engagements to show how each attack typically plays out in the real world and how it can be mitigated.

Course Content (ToC):

    Below is a high-level overview of the topics we will cover and how technical the coverage will be.

    • Quick introduction to Docker, Kubernetes and Cloud Native Infrastructure
    • Overview of attack surface for container infrastructure and ecosystem
    • Real world vulnerabilities in cloud native infrastructure
      • Application bug SSRF to Kubernetes cluster compromise
      • Helm Tiller default setup to gain complete cluster access
      • Path traversal vulnerability to compromise container private registry
    • Commonly found vulnerabilities in cloud native infrastructure
      • Volume/Network Misconfigurations
      • Exploiting Kubernetes API Server Vulnerability (CVE-2018-1002105)
      • runc exploit for privilege escalation
      • Istio/Envoy proxy bypass access control (CVE-2019-9901)
      • Vulnerable container images
      • Extra privilege and capabilities for containers/pods
    • Applying offensive knowledge to defend cloud native infrastructure
      • Security Hardening of infrastructure
      • Network/Pod Security Policies using Calico/Cilium
      • CIS Benchmarks for Docker and Kubernetes
      • Deployment and supply chain security
      • Logging and Monitoring
      • Runtime security monitoring using Sysdig Falco
      • Automated Defense in near real-time
    • Tools of the trade - Commonly useful tools for both offense & defense

Pre-requisites:

  • A laptop with administrator privileges
  • At least 8 GB of RAM and 10 GB of free disk space on the system
  • Laptop should support hardware-based virtualization
  • If your laptop can run a 64-bit virtual machine in Oracle VirtualBox, it should work
  • Other virtualization software might work but we will not be able to provide support for that
  • USB Ports for copying data

Participants’ Requirements:

  • Basic knowledge of using the Linux command line
  • System administration basics such as server and application configuration and deployment
  • Familiarity with container environments like Docker would be useful

Who should attend:

  • Penetration Testers, Security Engineers and Bug bounty hunters
  • System administrators, DevOps and SecOps Teams
  • Anyone interested in the container infrastructure security

What to expect:

  • Complete hands-on training with a practical approach and real-world scenarios
  • E-books of the training covering all hands-on exercises as a step-by-step guide (HTML, PDF, EPUB, Mobi)
  • Git repository of all the custom source code, scripts, playbooks used during the training
  • Resources and references for further learning and practice

What not to expect:

  • A lot of hand-holding on the basic concepts already listed under Participants' Requirements
  • A lot of theory. This is meant to be a completely hands-on training

Speaker Profile:

Madhu Akula, Security Automation Engineer, APPSECCO

Madhu Akula is a security ninja, published author and cloud native researcher with extensive experience. He is also an active member of the international security, DevOps and cloud native communities.

Madhu frequently speaks and runs training sessions at security events and conferences around the world, including DEFCON (26, 24), BlackHat USA (2018, 2019), USENIX LISA 2018, AppSec EU 2018, All Day DevOps (2016, 2017, 2018), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n (2018, 2017), Nullcon 2019, SACON 2019, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200 companies and organisations, including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe. He is co-author of Security Automation with Ansible 2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible.