Introduction
As organizations increasingly adopt microservices and distributed architectures, ensuring the security of Kubernetes environments becomes critical. This course introduces participants to the essential concepts of container and Kubernetes security, with a focus on AWS EKS. You will learn about common vulnerabilities, tools, and techniques for attacking and securing applications within EKS clusters. The course will also guide you through security audits, leveraging industry best practices, tools, and custom scripts to evaluate and enhance the security posture of your Kubernetes deployments.
Throughout the course, real-world examples from penetration testing engagements will be shared, bridging the gap between theoretical knowledge and practical application. By the end of this training, you will be well-equipped to identify, exploit, and secure applications running in AWS EKS clusters.
Prerequisite (Mandatory)
- GitHub Codespace Setup: Use GitHub Codespace to set credentials and deploy infrastructure for learning.
- Bring Your Own AWS Account: Participants must bring their own AWS account with billing enabled and admin privileges.
- Bring Your Laptop: Ensure you have your laptop ready for hands-on activities.
Takeaways
- In-depth Hands-on Training: Led by experienced professionals in AWS & EKS Security.
- Extended Lab Access: Enjoy access to course content after the class to reinforce your learning.
- Real-World Scenario: Test your skills with a real-world vulnerable scenario leading to AWS EKS exploitation.
- Comprehensive Course Materials: Receive a training presentation covering all the content discussed during the course.
Disclaimer
- The information, commands, and demonstrations presented in this course, AWS EKS Red Team Masterclass - From Exploitation to Defense, are intended strictly for educational purposes. Under no circumstances should they be used to compromise or attack any system outside the boundaries of this educational session unless explicit permission has been granted.
- This course is provided by the instructors independently and is not endorsed by their employers or any other corporate entity. The content does not necessarily reflect the views or policies of any company or professional organization associated with the instructors.
- Usage of Training Material: The training material is provided without warranties or guarantees. Participants are responsible for applying the techniques or methods discussed during the training. The trainers and their respective employers or affiliated companies are not liable for any misuse or misapplication of the information provided.
- Liability: The trainers, their employers, and any affiliated companies are not responsible for any direct, indirect, incidental, or consequential damages arising from the use of the information provided in this course. No responsibility is assumed for any injury or damage to persons, property, or systems as a result of using or operating any methods, products, instructions, or ideas discussed during the training.
- Intellectual Property: This course and all accompanying materials, including slides, worksheets, and documentation, are the intellectual property of the trainers. They are shared under the Apache License 2.0, which requires that appropriate credit be given to the trainers whenever the materials are used, modified, or redistributed.
- References: Some of the labs referenced in this workshop are based on open-source materials available at the Amazon EKS Security Immersion Day GitHub repository, licensed under the MIT License. Additionally, modifications and fixes have been applied using AI tools such as Amazon Q, ChatGPT, and Gemini.
- Educational Purpose: This lab is for educational purposes only. Do not attack or test any website or network without proper authorization. The trainers are not liable or responsible for any misuse.
- Usage Rights: Individuals are permitted to use this course for instructional purposes, provided that no fees are charged to the students.
Credits
Reach out in case of missing credits.
- Kubernetes Architecture
- Credits for image: Offensive Security Say – Try Harder!
- madhuakula
- vulhub
- Amazon EKS Security Immersion Day
- eksworkshop.com - GuardDuty Log Monitoring
- Tech Blog by Anoop Ka - Kyverno
- Microsoft Attack Matrix for Kubernetes
- Datadog Security Labs - EKS Attacking & Securing Cloud Identities
- HackTricks AWS EKS Enumeration
- AWS EKS Best Practices
- Amazon EMR IAM Setup for EKS
- AWS EKS Pod Identities
- Anais URL - Container Image Layers Explained
- GitLab - Beginner’s Guide to Container Security
- Wiz.io Academy - What is Container Security
- JFrog Blog - 10 Helm Tutorials
- Datadog Security Labs - EKS Cluster Access Management
- ChatGPT - For Re-phrasing & Re-writing
- Okey Ebere Blessing - AWS EKS Authentication & Authorization
- Microsoft Blog - Attack Matrix for Kubernetes
- Subbaraj Penmetsa - OPA Gatekeeper for Amazon EKS
- Open Policy Agent GitHub
- OPA Gatekeeper Documentation
- Gatekeeper Library on GitHub
- CDK EKS Blueprints - OPA Gatekeeper
- AWS EKS Documentation
- Cloud HackTricks Kubernetes Enumeration
- Attacking & Defending Kubernetes training
❗❗ ⚠️ IMPORTANT NOTICE: Please use a new or dedicated AWS account for these operations. Some commands may delete data or resources within the AWS environment. The author assumes no responsibility for any data loss or unintended consequences resulting from the use of these commands. ❗❗