The Advanced Kubernetes Security Professional training focuses on the complex nature of Kubernetes, which consists of more than half a dozen components. While it does offer some native security features, entirely securing the environment requires addressing various potential vulnerabilities across different layers of infrastructure.

Kubernetes is a powerful platform, but ensuring its protection can be a challenge for security, infrastructure, and DevOps engineers and architects.

One of the key advantages of Kubernetes is its extensive integrations. In this training, we leverage these integrations to create an automated and systematic set of processes. This approach ensures the security of your build and deployment process, making your Kubernetes environment more robust.

Participants will learn: 

Participants will learn how to exploit the API Server using the insecure port.
Participants will understand how service accounts function in Kubernetes.
Participants will gain knowledge about various Kubernetes components.
Participants will delve into understanding the ETCD storage.
Participants will explore the Kubernetes Attack Surface.
-----
Participants learn how to conduct Static Analysis of YAML files using Kube-audit.
Participants understand how to perform Security Assessments using Kube-hunter.
Participants learn how to utilize Kubernetes Security Context to mitigate attacks.
Participants grasp the fundamentals of role-based access controls in Kubernetes.
Participants learn the Roles, Role Bindings, Cluster Roles & Cluster Role Bindings.
Participants understand how attackers can exploit the misconfigured Kubernetes Cluster.
-----
Participants learn about the potential abuse of an exposed Kubernetes Dashboard.
Participants will learn how to conduct Static Analysis using Kubesec.
Participants will learn how to attack a misconfigured Kubelet API.
Participants will learn how to audit clusters using Kube-bench.
Participants will learn how to implement network policies.