Agenda

Workshop Overview

This workshop provides participants with a deep dive into securing and defending AWS EKS. The session begins with a foundational understanding of Kubernetes and AWS EKS terminologies, followed by hands-on labs simulating real-world attack scenarios and defense strategies. Participants will learn how to exploit vulnerabilities within an EKS cluster and how to mitigate these threats effectively.

The workshop is designed to cover both offensive techniques (exploiting vulnerabilities) and defensive strategies (hardening and monitoring). By the end of the session, participants will gain practical experience in safeguarding applications running in AWS EKS environments.

Key Components

Container Security Overview

  • Introduction to Docker
    • Lab: Understanding Docker Images and Layers
    • Docker Namespaces and Control Groups (CGroups)
    • Lab: Docker Secrets
  • Static Analysis of Docker Containers (SAST)
    • Lab: Using Dockle and Hadolint
    • Lab: Audits with AquaSecurity Docker Bench Security

AWS Elastic Container Registry (ECR) Overview

  • Lab: AWS ECR Image Scanning
  • Lab: AWS ECR Immutable Image Tag

AWS EKS Fundamentals

  • Lab: Deploying a Vulnerable AWS EKS Infra
    • Kubernetes Architecture
    • AWS EKS Terminologies
    • EKS Authentication & Authorisation
  • Lab: Exploiting the Sample Application
    • Lab: Enumerating & Exploiting a Web Application Vulnerability
    • Lab: Using IMDSv2 to Exfiltrate Credentials
    • Lab: Enumerate ECR Repositories Using Credentials
    • Lab: Backdooring a Docker Image
    • Lab: Exploiting AWS EKS Cluster
    • Lab: Breaking Out from Pod to Node
    • Lab: Privilege Escalation & S3 Exploitation
    • Lab: Cleanup EC2 Instance

Automated Scanning in EKS

  • Lab: Scanning Using Kubescape
  • Lab: Scanning Using kube-bench

Defense & Hardening in EKS

  • Lab: Pod Security Context
  • Lab: Using CEL for Policy Enforcement via Kyverno
  • Lab: AWS GuardDuty for Threat Detection
  • Lab: Runtime Security with eBPF Tetragon
  • Lab: Destroy EKS Vulnerable Infra

Hands-On Labs

Participants will engage in the following hands-on labs:

  • Exploiting Sample Applications: Simulating real-world attacks by identifying and exploiting web application vulnerabilities within the EKS environment.
  • Using IMDSv2: Extracting AWS credentials via metadata service vulnerabilities.
  • Backdooring Docker Images: Injecting malicious code into Docker images and deploying it within EKS.
  • EKS Cluster Exploitation: Identifying and exploiting misconfigurations in the EKS environment.
  • Pod to Node Breakout: Gaining unauthorized access to the underlying node from a compromised pod.
  • Privilege Escalation and S3 Exploitation: Escalating privileges and compromising sensitive data stored in S3.

Learning Objectives

  • Gain a deep understanding of AWS EKS security concepts.
  • Learn how to exploit vulnerabilities and misconfigurations in AWS EKS clusters.

Outline

  • Lab Environment Setup:
    • Lab: Setup AWS IAM User
    • Lab: Setup GitHub Codespace
    • Lab: Deploying a Vulnerable AWS EKS Infra
  • Introduction to AWS EKS:
    • Theory: Kubernetes Architecture Overview
    • Theory: AWS EKS Terminologies
    • Theory: EKS Authentication & Authorization
  • Lab: Exploiting the Sample Application:
    • Lab: Enumerating & Exploiting a Web Application Vulnerability
    • Lab: Using IMDSv2 to Exfiltrate Credentials
    • Lab: Exploiting ECR by Backdooring a Docker Image
    • Lab: Exploiting AWS EKS Cluster
    • Lab: Breaking Out from Pod to Node
    • Lab: Privilege Escalation & S3 Exploitation for Flag
