Kubernetes clusters are designed to be highly available and resilient. They are made up of several components, including the API server, etcd, kubelet, and kube-proxy, which work together to manage and maintain the cluster.
This course is designed for security professionals and developers who want to learn how to identify and exploit vulnerabilities in Kubernetes clusters. Through a series of practical exercises, you'll learn how to attack Kubernetes clusters using different techniques and while also accruing best practices for shoring up your deployments.
Learn to identify and exploit vulnerabilities in Kubernetes Service Account tokens by locating and extracting tokens thus gaining unauthorized access to Kubernetes resources. Also, learn how to exploit vulnerabilities in Kubernetes Cluster Certificate Authorities by locating and extracting certificates thus gaining unauthorized access to Kubernetes resources and how to exploit vulnerabilities in Kubernetes TokenRequest APIs using long-lived tokens to gain persistent access to Kubernetes resources.
Learn how to exploit vulnerabilities in Kubernetes Liveness Probes to gain access to Kubernetes resources and how to exploit vulnerabilities in Kubernetes DNS by spoofing DNS responses to gain unauthorized access to Kubernetes resources.
By the end of this course, you'll have a better understanding of how to identify and exploit vulnerabilities in Kubernetes clusters, and how to protect against these types of attacks.
Basic Service Account Token Compromises
Cluster Certificate Authority Compromise Attack
Service Account Token Compromise with TokenRequest API Using Long Lived Tokens
Liveness Probe Attack
DNS Spoofing
.svg)
.svg)
Contact Support
help@appsecengineer.com
1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States
.svg)
