The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes

October 4th & 5th, 2023
Grand Hyatt, Kochi, India


The Kubernetes Crusade: Workshop on Defending & Attacking Kubernetes

This workshop aims to deliver a comprehensive understanding of Kubernetes attack and defense strategies through hands-on labs and demonstrations empowering participants with the knowledge to identify and mitigate vulnerabilities in their Kubernetes clusters. It covers the basics of Kubernetes and container security and provides an overview of key Kubernetes components and terminologies. Participants will learn how to establish a Kubernetes cluster via Cilium and different methods like Kind, k3s, and Kubeadm. They will also be introduced to Authorization & Authentication in K8s and deploy a sample application.

With a strong focus on Kubernetes security testing, the workshop explores Kubernetes attack surfaces and role-based access controls. Participants will gain insights into container breakout techniques and learn how to secure secrets using Sealed Secrets. The workshop further covers network policies in Kubernetes and demonstrates how to fortify the network fabric using Cilium & network security policies. As a culmination of the hands-on workshop, participants will learn about the hardening techniques for the Kubernetes environment and deep dive into detection strategies employing Falco and EFK Logging and Monitoring.

To assess the newly acquired skills, the workshop includes a Capture The Flag (CTF) challenge. Upon completing this hands-on workshop, participants will possess the knowledge and skills necessary to recognize and address vulnerabilities in their Kubernetes clusters effectively.


Open source Cloud9 IDE with complete setup will be provided to all the participants for hassle free learning experience

Course Content (ToC):

  • Day 1:
    • Kubernetes & Container Basics
      • Introduction To Container Security
      • Preparing the Environment for Lab Setup
      • Understanding Container Layers
      • Lab: Docker Layers & Dockerfile Demo
      • Lab: Dive For Secret Exfiltration
    • Introduction to Kubernetes
    • Explanation of Key Kubernetes Components
      • - Important Kubernetes Terminologies
    • Establishing a Kubernetes Cluster via Cilium
      • Lab: Setup Kind
      • Lab: Kind Cluster Validation
    • Difference between minikube, k3s , Kind & kubeadm
    • Lab: Validation of Cluster Configuration
    • Authentication & Authorization In K8s
      • Lab: Authentication In K8s
      • Lab: RBAC via Role & RoleBinding
      • Lab: RBAC via Cluster Role & ClusterRoleBinding
    • Services in Kubernetes
    • Lab: Kubectl CLI Basics
    • Theory: Overview of Kubernetes Cluster
    • Basic of Helm
      • Lab: Deploy the basic application using Helm
    • Lab: Deploying a Sample Application
      • Theory: Working of Sample Application
      • Lab: Validation of Sample Application
    • Kubernetes Security Testing
    • Kubernetes Attack Surface
    • Kubernetes Cluster Enumeration
      • Lab: External Kubernetes Cluster Enumeration
      • Lab: Internal Kubernetes Cluster Enumeration
    • Lab: Exploiting Vulnerable K8s Application
    • Attacking Role Based Access Controls
      • Lab: Exploit RBAC Misconfiguration
    • Post-exploitation: Container Breakout Techniques
      • Lab: Host PID True
      • Lab: Host Network True
      • Lab: Host IPC True
      • Lab: Host Volume Mount
      • Lab: Privileged True
    • Post-exploitation: Common Attack Techniques & Demo Setup
      • Demo: Docker Socket Mount:DIND
      • Demo: Setup Misconfigured Kube API Server
      • Lab: Misconfigured Kube API Server
      • Demo: Unauthenticated Kubernetes Dashboard
      • Lab: Unauthenticated Kubernetes Dashboard
      • Cleanup: Terminating Misconfigured Cluster
    • Lab: Exploiting Private Docker registry
    • Lab: Backdooring Docker Image
    • Theory: CVE-2021-25741
    • Theory: Docker Capabilities
  • Day 2
    • OWASP Kubernetes Top 10
    • Automated Vulnerability Analysis of Kubernetes
      • Lab: RBAC: Kubernetes-rbac-audit
      • Lab: KubeSec
      • Lab: Kube Audit
      • Lab: Kube-bench
      • Lab: Kube-hunter
      • Lab: Checkov
    • Protection Strategies
    • Network Policies - Kubernetes
      • Lab: Secure Network Policies
    • Authorization Implementation
      • Lab: RBAC Authorization
    • Securing Secrets in Kubernetes
      • Lab: Basic Secrets
      • Lab: Sealed Secrets
    • Kyverno Admission Controller
      • Setup & Demo: Basics of Kyverno
      • Lab: Basics of Kyverno
    • Network Fabric: Cilium
      • Demo: Basics of Cilium
      • Lab: Cilium
    • Hardening Kubernetes
      • Configure a Basic Security Context
      • Configure AppArmor Profiles
      • Configure Seccomp Profiles
    • Istio Service Mesh
      • Lab: Istio Service Mesh
      • Demo: Kiali Dashboard
      • Quiz: Service Mesh
      Detection Strategies
    • Falco & EFK Logging and Monitoring Kubernetes Security Testing Lab
    • Lab: Kubernetes Security Testing CTF Lab
      • Lab: AWS Architecture Explanation
      • Lab: Kubernetes Cluster Explanation
      • Lab: Enumeration: From Vulnerable Cluster Web UI
    • CTF Challenge


  • Basic knowledge of the Linux command line
  • Familiarity with system administration tasks like server and application configuration and deployment
  • Understanding of container environments like Docker and distributed systems is advantageous


Participants Requirements:

At least 4GB & 2 CPU Laptops and access to wireless internet connectivity and updated browsers.


2 days

PaWho should attend:

  • Developers, DevOps, DevSecops, Pentesters, and Cloud Engineers.
  • Freshers willing to start Kubernetes Security.
  • Red & Blue Teams, who want to learn both offensive and defensive sides.

What to expect:

  • Hands-on experience with real-world problem scenarios along with concepts explained in detail.
  • For the entire course, a step-by-step, comprehensive guide will be provided.
  • Open source tools & resources for additional information on Kubernetes security
  • Real-world scenarios were found during the Kubernetes penetration testing engagements.

What not to expect:

  • In-depth coverage of general Kubernetes administration.
  • Training on third-party tools and technologies that are not directly related to Kubernetes security.


Divyanshu Shukla

Senior Security Engineer , Meesho , India

Senior security engineer with more than 5 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author Burp-o-mation and very vulnerable serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member. He has also given training and seminars in events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.

Ravi Mishra

Lead Devops , Groww , India

7+ years of experience in DevSecops & DevOps. Currently working as Lead DevOps @ Groww Highly Skilled in IAC Security, AWS & GCP Security, SRE, Container Security, K8s (EKS & GKE) Security. Experienced In deploying EKS & GKE Cluster. Previously worked with DevOps Engineering Teams in OLX Group, Paytm Bank, and Opstree. He has also given training and seminars in events like Null Community & Bsides Bangalore


Information Security Research Association Kerala Police


UNICEF UNICRI Centre for Artificial Intelligence and Robotics International Centre for Missing & Exploited Children WeProtect Global Alliance CESP | Conseil Européen des Syndicats de Police Kerala IT Mission


Federal Bank Synthite RP GRPUP


Keyzotrick Intelligence Pvt. Ltd National Critical Information Infrastructure Protection Centre Bharat Petroleum Palo Alto Networks Cyble - Cybersecurity Threat Intelligence Platform & Solutions Seqrite


Cochin Shipyard ICICI Bank State Bank of India SBI Life Geojit SFS Homes Cochin International Airport Manage Engine Resecurity: Cybersecurity Solutions and Services Fortinet Technologies India Pvt Ltd &


GAIL (india) LIMITED Canara Bank Elite Foods CSB Bank Petronet LNG Luker India Trend Micro AVT Natural CYFIRMA Indian Oil Corporation Cochin Port Trust Kerala State Industrial Development Corporation ESAF Bank The Kerala Minerals and Metals Limited


PureID Cyble - Cybersecurity Threat Intelligence Platform & Solutions Resecurity: Cybersecurity Solutions and Services Prophaze Manage Engine Darwis Fortinet Technologies India Pvt Ltd & Alibi Global Private Limited eSec Forte Technologies Palo Alto Networks Seqrite Innspark Enterprise Security C-DAC: Centre for Development of Advanced Computing, India ECS Biztech State Bank of India Kratikal Tech Pvt. Ltd. CYFIRMA TerraEagle Netskope Geojit


EliteCISOs GTech - Group of Technology Companies - Technopark, Infopark, Cyberpark BSides Odisha


WTC Kochi


Information Security Media Group The 420



Jet Suit demo partner


c0c0n @16

c0c0n is a 15 years old platform that is aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Where & When?

Oct 04th to 07th 2023
Grand Hyatt, Kochi, India

Reach us @

(+91) 974-690-6654