Kubernetes CKS 2022 Complete Course – Theory – Practice

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 202 lectures (11h 6m) | 5.43 GB

Theory | Practice | Browser Scenarios

All you need for your Certified Kubernetes Security Specialist preparation in one place!

I’m Kim, Kubernetes Trainer and Author, also the creator of the Killer Shell CKS|CKA|CKAD Simulators.

We will present every CKS topic to you in a simple, visual and easy way.

For every topic we’ll also run through various practical hands-on challenges together.

We’ll set up your own CKS cluster together; for this we provide simple scripts!

In addition you’ll also get access to ~40 browser scenarios and challenges.

We also have a GitHub course repository with various examples which we use throughout this course.

Join the Killer Shell private Slack community for exam and topic discussion.

Browser Scenarios and Challenges

We have ~40 browser scenarios for various topics for which access comes included in this course:

Please expect this course to take more time than just our recorded hours. For most topics you’ll need some time to implement the scenarios yourself. We also advise taking breaks (hours or even days) between sections/topics to prevent brain implosion.

What you’ll learn

  • Complete CKS preparation
  • CKS full Theory and Practice
  • Kubernetes Security Concepts
  • Think from a hacker’s perspective
  • Deep technical insight into Kubernetes

Table of Contents

Introduction
1 Welcome
2 Best Video Quality
3 Slack Community
4 K8s Security Best Practices

Create your course K8s cluster
5 Cluster Specification
6 Practice Create GCP Account
7 Practice Configure gcloud command
8 Practice Create Kubeadm Cluster in GCP
9 Practice Firewall rules for NodePorts
10 Notice Always stop your instances
11 Containerd Course Upgrade
12 Recap

Killercoda Access
13 How to get Access
14 Your Access Code

Foundation Kubernetes Secure Architecture
15 Intro
16 Practice Find various K8s certificates
17 Recap

Foundation Containers under the hood
18 Intro
19 Container Tools Introduction
20 Practice The PID Namespace
21 Recap
22 TEST Docker Container Namespaces
23 TEST Podman Container Namespaces

Cluster Setup Network Policies
24 Cluster Reset
25 Introduction 1
26 Introduction 2
27 Practice Default Deny
28 Practice Frontend to Backend traffic
29 Practice Backend to Database traffic
30 Recap
31 TEST DefaultDeny Network Policy
32 TEST NetworkPolicy Namespace Communication

Cluster Setup GUI Elements
33 Introduction
34 Practice Install Dashboard
35 Practice Outside Insecure Access
36 Practice RBAC for the Dashboard
37 Recap

Cluster Setup Secure Ingress
38 K8s Docs in correct Version
39 Introduction
40 Practice Create an Ingress
41 Practice Secure an Ingress
42 Recap
43 TEST Create an Ingress
44 TEST Secure an Ingress

Cluster Setup Node Metadata Protection
45 Introduction
46 Practice Access Node Metadata
47 Practice Protect Node Metadata via NetworkPolicy
48 Recap
49 TEST NetworkPolicy Metadata Protection

Cluster Setup CIS Benchmarks
50 Introduction
51 Practice CIS in Action
52 Practice kubebench
53 Recap
54 TEST Apply CIS rules for Controlplane

Cluster Setup Verify Platform Binaries
55 Introduction
56 Practice Download and verify K8s release
57 Practice Verify apiserver binary running in our cluster
58 Recap
59 TEST Verify Kubelet Binary

Cluster Hardening RBAC
60 Intro
61 Practice Role and Rolebinding
62 Practice ClusterRole and ClusterRoleBinding
63 Accounts and Users
64 Practice CertificateSigningRequests
65 Recap
66 TEST RBAC ServiceAccount Permissions
67 TEST RBAC User Permissions
68 TEST CertificateSigningRequests Sign Manually
69 TEST CertificateSigningRequests Sign via API

Cluster Hardening Exercise caution in using ServiceAccounts
70 Intro
71 Practice Pod uses custom ServiceAccount
72 Practice Disable ServiceAccount mounting
73 Practice Limit ServiceAccounts using RBAC
74 Recap
75 TEST ServiceAccount Token Mounting

Cluster Hardening Restrict API Access
76 Introduction
77 Practice Anonymous Access
78 Practice Insecure Access
79 Practice Manual API Request
80 Practice External Apiserver Access
81 NodeRestriction AdmissionController
82 Practice Verify NodeRestriction
83 Recap
84 TEST Crash that Apiserver
85 TEST Apiserver Manifest Misconfigured
86 TEST NodeRestriction

Cluster Hardening Upgrade Kubernetes
87 Introduction
88 Ubuntu 2004 Update
89 Practice Create outdated cluster
90 Practice Upgrade controlplane node
91 Practice Upgrade node
92 Recap

Microservice Vulnerabilities Manage Kubernetes Secrets
93 Introduction
94 Practice Create Simple Secret Scenario
95 Practice Hack Secrets in Container Runtime
96 Practice Hack Secrets in ETCD
97 ETCD Encryption
98 Practice Encrypt ETCD
99 Recap
100 TEST Access Secrets in Pods
101 TEST Read Secret Values
102 TEST Secrets Pods and ServiceAccount
103 TEST ETCD Encryption

Microservice Vulnerabilities Container Runtime Sandboxes
104 Introduction
105 Practice Container calls Linux Kernel
106 Open Container Initiative OCI
107 Sandbox Runtime Katacontainers
108 Sandbox Runtime gVisor
109 Practice Create and use RuntimeClasses
110 Practice Install and use gVisor
111 Recap
112 TEST gVisor and RuntimeClass

Microservice Vulnerabilities OS Level Security Domains
113 Intro and Security Contexts
114 Practice Set Container User and Group
115 Practice Force Container NonRoot
116 Privileged Containers
117 Practice Create Privileged Containers
118 PrivilegeEscalation
119 Practice Disable PrivilegeEscalation
120 TEST Privileged Containers
121 TEST Privilege Escalation Containers

Microservice Vulnerabilities mTLS
122 Intro
123 Practice Create sidecar proxy
124 Recap

Open Policy Agent OPA
125 Cluster Reset
126 Introduction
127 Practice Install OPA
128 Practice Deny All Policy
129 Practice Enforce Namespace Labels
130 Practice Enforce Deployment replica count
131 Practice The Rego Playground and more examples
132 Recap

Supply Chain Security Image Footprint
133 Introduction
134 Practice Reduce Image Footprint with MultiStage
135 Practice Secure and harden Images
136 Recap
137 TEST Image Footprint User
138 TEST Image Container Hardening

Supply Chain Security Static Analysis
139 Introduction
140 Kubesec
141 Practice Kubesec
142 OPA Conftest
143 Practice OPA Conftest for K8s YAML
144 Practice OPA Conftest for Dockerfile
145 Recap
146 TEST Manual Static Analysis K8s
147 TEST Manual Static Analysis Docker

Supply Chain Security Image Vulnerability Scanning
148 Introduction
149 Clair and Trivy
150 Practice Use Trivy to scan images
151 Recap
152 TEST Scan images using Trivy

Supply Chain Security Secure Supply Chain
153 Introduction
154 Practice Image Digest
155 Practice Whitelist Registries with OPA
156 ImagePolicyWebhook
157 Practice ImagePolicyWebhook
158 Recap
159 TEST Complete ImagePolicyWebhook Setup
160 TEST Use Image Digest

Runtime Security Behavioral Analytics at host and container level
161 Introduction
162 Practice Strace
163 Practice Strace and proc on ETCD
164 Practice proc and env variables
165 Practice Falco and Installation
166 Practice Use Falco to find malicious processes
167 Practice Investigate Falco rules
168 Practice Change Falco Rule
169 Recap
170 TEST Syscall Activity Strace
171 TEST Falco Rule Change

Runtime Security Immutability of containers at runtime
172 Introduction
173 Ways to enforce immutability
174 Practice StartupProbe changes container
175 Practice SecurityContext renders container immutable
176 Recap
177 TEST Immutability Readonly Filesystem

Runtime Security Auditing
178 Introduction
179 Practice Enable Audit Logging in Apiserver
180 Practice Create Secret and check Audit Logs
181 Practice Create advanced Audit Policy
182 Recap
183 TEST Enable Audit Logging

System Hardening Kernel Hardening Tools
184 Introduction
185 AppArmor
186 Practice AppArmor for curl
187 Practice AppArmor for Docker Nginx
188 Practice AppArmor for Kubernetes Nginx
189 Seccomp
190 Practice Seccomp for Docker Nginx
191 Practice Seccomp for Kubernetes Nginx
192 Recap
193 TEST AppArmor

System Hardening Reduce Attack Surface
194 Introduction
195 Practice Systemctl and Services
196 Practice Install and investigate Services
197 Practice Disable application listening on port
198 Practice Investigate Linux Users
199 Recap
200 TEST Close Open Ports
201 TEST Manage Packages

Linux Foundation Simulator Sessions
202 Linux Foundation Simulator Sessions
