- Course
Specialized Hunts: Threat Hunting within Containers and Kubernetes
Threat actors target containers and Kubernetes for persistence, escalation, and data theft. This course teaches you to hunt for, investigate, and detect real threats in containerized environments using practical, hands-on techniques.
This course is included in the libraries shown below:
- Security
What you'll learn
Containers and Kubernetes clusters are increasingly targeted by attackers seeking to establish persistence, escalate privileges, or exfiltrate sensitive data, yet many organizations struggle to detect and investigate these threats promptly. In this course, Specialized Hunts: Threat Hunting within Containers and Kubernetes, you’ll learn how to proactively identify and analyze malicious activity across containerized environments. First, you’ll discover how to detect remote Docker API misuse and spot suspicious container creation by examining network and host logs. Next, you’ll learn to identify reconnaissance and privilege escalation efforts against Kubernetes nodes by monitoring Kubelet API activity and correlating multiple log sources. Finally, you’ll acquire practical skills for uncovering persistence mechanisms via malicious CronJobs and investigating unauthorized access to sensitive secrets and credentials within Kubernetes. After completing this course, you’ll possess the skills and techniques needed to hunt for, investigate, and respond to real-world threats in Docker and Kubernetes environments, enhancing your ability to defend modern infrastructure against advanced attacks.