Basic training: Attack & Defend Container Environments (Kubernetes/Docker)

In a world where progress is always linked to digital progress, companies need to react to changes and implement innovations ever more quickly and agilely. This is where lightweight container technologies such as Docker come in, which, in combination with orchestration tools such as Kubernetes and the possibilities of the cloud, can ensure maximum scalability and flexibility for entire network and application infrastructures. Used correctly, these systems can even ensure greater security. However, small errors in this complex system landscape offer countless opportunities for attacks that can have devastating effects, including the complete compromise of an organization’s IT infrastructure.

What should the participants learn in the training?

In our 1-day workshop, we explain the basic technologies used and their concepts in the simplest and clearest way possible. With the newly acquired knowledge, we then demonstrate a variety of possible attacks, as well as their causes and effects. We move laterally as attackers in container environments with the aim of compromising the entire IT landscape, through to company-wide cloud environments, such as Amazon AWS or Microsoft Azure.
At the end of the workshop, we will show how to detect and prevent the demonstrated attacks and what options and tools are available for forensic analysis and hardening.

What are the contents?

Basic concepts
– Virtualization and containers
– Cloudstack
– Linux (security) basics
Docker:
– Overview and components
– Attack possibilities
– Demonstration of attacks in live environments
– Countermeasures, security best practice recommendations
Kubernetes:
– Overview and components
– Attack possibilities
– Demonstration of attacks in live environments
– Countermeasures, security best practice recommendations
– Questions and concluding discussion

What is the target group (prior knowledge etc.)?

Cloud engineers, cloud architects, DevOps personnel, application developers, IT project managers and other technical staff, as well as managers who have a basic IT background. As the workshop is NOT hands-on and takes place online, there are no prerequisites in terms of IT-equipment.
An advanced hands-on workshop on the topic is planned in the future (if you are interested, please send us a short email to: info@nsideattacklogic.de with the subject: Interest in advanced training: Attack & Defend Container Environments (Kubernetes/Docker)).

How long should the training last?

Duration: 1 Day

OFFENSIVE CYBER SECURITY

Contact us to uncover and close your security gaps.