Logo

Pentesting Docker, Swarm & Kubernetes Clusters

Containerisation and orchestration have changed the way in which today’s technologies are deployed and managed. Attack techniques require reinvention and security professionals are bound to acquire the necessary skills to competently analyse these environments.

This training is designed for RedTeam security professionals interested in acquiring practical applied security knowledge on containerisation and orchestration from an offensive perspective.

Different types of analysis are covered on Docker, Docker Swarm and Kubernetes clusters. The training will do a deep-dive on the offensive side, attack techniques related to containers/pods compromising, exploitation, networking abuses, privileges escalation, persistence, lateral movement and node takeover among others will be explained.

Topics:

  • Docker Black Box Analysis
    • Recognizing container environments
    • Container introspection: named/bind volumes, sensitive data and more
    • Scanning Docker networks
    • Abusing Docker networks defaults
    • Pivoting: Compromising the whole Docker environment
    • Abusing privileged containers
    • Abusing docker.sock exposure
    • Abusing Docker API exposure
    • Abusing Docker Registry API exposure
  • Docker White Box Analysis
    • Common security issues in Dockerfile
    • Common security issues in Docker compose
  • Swarm Black Box Analysis
    • Differences between Docker and Docker Swarm
    • Swarm secrets not too secret
    • Abusing Swarm networks features
    • Pivoting across containers in multi-services & escalated environments
    • Persistence: Creating backdoored services
  • Swarm White Box Analysis
    • Common security issues in Stack deployment files
  • Kubernetes Black Box Analysis
    • Detecting Kubernetes Orchestration
    • Container introspection: Persistent volumes, secrets, configmaps and more
    • Discovering & Scanning pods along the entire cluster
    • Pivoting across pods and network namespaces
    • Abusing Service Account Token
    • Abusing exposed Kube API and Kubelet API
  • Kubernetes Grey Box Analysis
    • Cluster Inspection
    • Services Scanning
    • RBAC (Role-based Access Control) audit
    • Users impersonation
    • Backdoors and Node Takeover
  • Kubernetes White Box Analysis
    • Common security issues in K8s YAML files
    • RBAC (Role-based Access Control) YAML inspection
Duration: 1 day
Presented by: Sheila A. Berta & Sol Ozzan