Beginner

Attacking Kubernetes Clusters Playground

Step into the Spotlight with AppSec Expertise: Use coupon ‘SKILLUP30’ and get 30% Off on Individual Pro Annual Plans.
Learning Path
Kubernetes Security
Ideal for
Security Engineer
Cloud Engineer
DevOps
Pentester
3
Hours
1
Lessons
5
Cloud Labs

Kubernetes clusters are designed to be highly available and resilient. They are made up of several components, including the API server, etcd, kubelet, and kube-proxy, which work together to manage and maintain the cluster. 

This course is designed for security professionals and developers who want to learn how to identify and exploit vulnerabilities in Kubernetes clusters. Through a series of practical exercises, you'll learn how to attack Kubernetes clusters using different techniques and while also accruing best practices for shoring up your deployments.

Learn to identify and exploit vulnerabilities in Kubernetes Service Account tokens by locating and extracting tokens thus gaining unauthorized access to Kubernetes resources. Also, learn how to exploit vulnerabilities in Kubernetes Cluster Certificate Authorities by locating and extracting certificates thus gaining unauthorized access to Kubernetes resources and how to exploit vulnerabilities in Kubernetes TokenRequest APIs using long-lived tokens to gain persistent access to Kubernetes resources.

Learn how to exploit vulnerabilities in Kubernetes Liveness Probes to gain access to Kubernetes resources and how to exploit vulnerabilities in Kubernetes DNS by spoofing DNS responses to gain unauthorized access to Kubernetes resources.

By the end of this course, you'll have a better understanding of how to identify and exploit vulnerabilities in Kubernetes clusters, and how to protect against these types of attacks.

You might also like these courses

Or explore these Learning Paths

Labs

Basic Service Account Token Compromises

Cluster Certificate Authority Compromise Attack

Service Account Token Compromise with TokenRequest API Using Long Lived Tokens

Liveness Probe Attack

DNS Spoofing

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
Copyright AppSecEngineer © 2023