cyber-security-resources/docker-and-k8s-security/kubernetes/README.md

Kubernetes Security Resources

Resources from k8s, Cloud Native Foundation, and Others

• Kubernetes.io
• Kubernetes GitHub
• NSA Kubernetes Hardening Guidance
• Kubernetes Security and Disclosure Information
• Cloud Native Security
• Pod Security Standards
• CNCF SIG Security
• CNCF SIG Security Meeting Notes
• CNCF SIG Security Mailing List
• Kubernetes SIG Security
• Kubernetes SIG ecurity Meeting Notes
• Kubernetes SIG Auth (Authorization, Authentication, and Cluster Security Policy)
• Kubernetes Security Audit 2019 Results
• Kubernetes Security Audit 2021 RFP

Multiple Conference Presentations

• Compromising Kubernetes Cluster by Exploiting RBAC Permissions - Eviatar Gerzi, CyberArk (RSA 2020)
• Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO
• Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO (Extended Version)
• Advanced Persistence Threats: The Future of Kubernetes Attacks (RSAC 2020)
• Kubernetes Security Best Practices - Ian Lewis, Google
• Securing Kubernetes Secrets (Cloud Next '19)
• Jay Beale - Attacking and Defending Kubernetes - DEF CON 27 Packet Hacking Village
• The State of Kubernetes Security - Liz Rice
• DIY Pen-Testing for Your Kubernetes Cluster - Liz Rice, Aqua Security
• Kubernetes Security 101: Best Practices to Secure your Cluster

Blogs and Articles

• Container Security: Examining Potential Threats to the Container Environment
• Kubernetes securityContext: Linux capabilities in Kubernetes
• 10 Kubernetes Security Context settings you should understand
• Kubesploit: A New Offensive Tool for Testing Containerized Environments
• Securing Kubernetes Clusters by Eliminating Risky Permissions
• Using Kubelet Client to Attack the Kubernetes Cluster
• Eight Ways to Create a Pod
• Risk8s Business: Risk Analysis of Kubernetes Clusters
• How to Set Up and Manage Logs with Kubernetes
• The Current State of Kubernetes Threat Modelling
• Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes
• The Basics of Keeping Kubernetes Clusters Secure
• The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components
• How to Secure Your Kubernetes Cluster
• Kubernetes Security 101: Best Practices To Secure Your Cluster
• Kubernetes Security
• Introducing Kubernetes Goat
• Threat Matrix for Kubernetes
• Open Sourcing the Kubernetes Security Audit
• Amazon EKS Best Practices Guide for Security
• Protecting Kubernetes: The Kubernetes Attack Matrix and How to Mitigate Its Threats
• Securing the 4Cs of Cloud Native
• CVE-2018-18264 Privilege escalation through Kubernetes dashboard
• Certified Kubernetes Security Specialist (CKS) exam guide

Books

• Hacking Kubernetes by Andrew Martin, Michael Hausenblas
• Learn Kubernetes Security by Kaizhe Huang and Pranjal Jumde
• Kubernetes Security by Liz Rice and Michael Hausenblas
• Container Security by Liz Rice
• Kubernetes: Up and Running, Second Edition by Brendan Burns, Joe Beda and Kelsey Hightower
• Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß

Certifications

• CKAD
• CKA
• Certified Kubernetes Administrator (CKA) Course
• CKS
• Certified Kubernetes Security Specialist (CKS)
• CKSS-Certified-Kubernetes-Security-Specialist
• Certified Kubernetes Security Specialist Study Guide
• References for CKS Exam Objectives

CVEs

• Exploring container security: Vulnerability management in open-source Kubernetes
• CVE-2019-11247
• CVE-2019-11249
• CVE-2018-18264

Slides

• Communication is Key - Understanding Kubernetes Networking (KubeCon EU 2020)
• Seccomp Profiles and you: A practical guide (KubeCon EU 2020)
• Advanced Persistence Threats: The Future of Kubernetes Attacks (KubeCon EU 2020)
• Help! My Cluster Is On The Internet!

Trainings

• Secure Kubernetes
• Cloud Native Security Tutorial
• Kubernetes Security (Advanced Concepts)
• Kubernetes Goat Guide
• Katacoda Kubernetes Goat Videos
• Attacking and Auditing Docker Containers and Kubernetes Clusters
• A Cloud Guru Kubernetes Security
• SANS Cloud-Native Security Defending Containers and Kubernetes
• Tutorial: Getting Started With Cloud-Native Security - KubeCon EU 2020 - Liz Rice & Michael Hausenblas
• Control Plane Security Training
• Kubernetes Exam Simulator
• Kubernetes Security Workshop
• Linux Academy - Kubernetes Security

Repositories / Tools

Learning

• kubectl
• krew
• Bust-a-Kube
• kube-goat
• Kubernetes Goat
• Kubernetes Networking Labs for KubeCon EU 2020 Talk
• CNCF Security Audits

Attacking

• kubesploit
• kubeletctl
• kube-hunter
• Peirates

Defending

• KubiScan
• Kubernetes Audit by Trail of Bits
• kubeaudit
• falco
• kubesec
• kube-bench
• trivy
• MKIT
• kubetap
• kube-forensics
• k8s-security-dashboard
• CIS Kubernetes Benchmark - InSpec Profile
• Kube PodSecurityPolicy Advisor
• Inspektor Gadget
• Starboard
• Advocacy Site for Kubernetes RBAC
• Helm-Snyk
• Krane
• rakkess
• kubectl-who-can
• Kubernetes Security - Best Practice Guide
• External Secrets
• KubeLinter
• Open Policy Agent
• Gatekeeper
• Kyverno

Papers

• Kubernetes Security Assessment - Final Report - May 2019
• Kubernetes Security Whitepaper - June 2019
• Kubernetes Threat Model - June 2019
• Kubernetes Attack Tree
• Attacking Kubernetes - A Guide for Administrators and Penetration Testers
• CIS Kubernetes Benchmark
• Kubernetes é seguro por default ou à prova de má configuração? 🇧🇷

Podcasts

• TGI Kubernetes
• The Podlets
• Kubecast
• Kubernetes Podcast (from Google)
• PodCTL - Enterprise Kubernetes