Container Infrastructure Analysis with kube-hunter

Want to learn how to analyze (and prevent) security weaknesses in Kubernetes? If so, you're in the right place! In this course, you will learn Container Infrastructure Analysis with kube-hunter.
Course info
Level: Intermediate
Updated: Apr 20, 2021
Duration: 42m
Description

“Common” Kubernetes (K8s) hardening suggests a focus on the control plane. But what if a cluster could be backdoored through the kubelet? In this course, Container Infrastructure Analysis with kube-hunter, we will use kube-hunter to investigate a K8s attack. First, you will use kube-hunter to enumerate security weaknesses in a K8s cluster. Second, you’ll use kube-hunter findings (i.e., a discovered kubelet endpoint) to investigate privilege escalation. Third, you’ll leverage the privilege escalation findings to detect a persistence method (i.e., a malicious container image) through Trivy. Fourth, you’ll harden K8s so the aforementioned attack can’t occur again! When you’re finished with this course, you’ll have the skills and knowledge to detect these techniques: System Services (T1569), Exploitation for Privilege Escalation (T1068), and Implant Container Image (T1525).

Course FAQ
What is kube-hunter?

kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters. It is designed to increase awareness and visibility of the security controls in Kubernetes environments.

What will you learn in this cyber security course?

In this cyber security course you will learn how to use kube-hunter and Pod Security Policies to search for and prevent Kubernetes threats.

What is Kubernetes?

Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management.

What are Pod Security Policies?

Pod Security Policy is a cluster-level resource that controls security-sensitive aspects of the pod specification. The policy defines a set of conditions that a pod must run with in order to be accepted into the system.

What is Trivy?

Trivy is an easy-to-use, comprehensive, open source vulnerability scanner for container images.

About the author

Zach’s curiosity has led him to roles in Software Development, DevOps, and Security. By drawing on these fields, Zach’s goal is to empower learners with a unique, cross-discipline skill set.

Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this cybersecurity tools course featuring kube-hunter, the open source container infrastructure analysis tool developed and maintained by Aqua Security. As more applications move into Kubernetes, it's pivotal that you are able to hunt for Kubernetes threats. In this course, you will execute kube-hunter on a vulnerable Kubernetes cluster. You will then use the kube-hunter findings to investigate an attack that chains together multiple Kubernetes vulnerabilities. You will investigate remote code execution, an exposed metadata endpoint, and even container image tampering. But wait, there's more. You will also learn how to prevent attacks by using Pod Security Policies. While it would be helpful to have a basic understanding of Kubernetes, I've got you. I'll explain Kubernetes basics as we move throughout the course. If you're a blue teamer looking to defend against Kubernetes attacks or a red teamer looking to exploit modern defense patterns, you are in the right place, and all you need to do is to continue into this course. I've got you!