cyber-security-resources/docker-and-k8s-security/kubernetes
2021-04-11 21:44:34 -04:00

Kubernetes Security Resources

Resources from k8s, Cloud Native Foundation, and Others

Multiple Conference Presentations

Blogs and Articles

Container Security: Examining Potential Threats to the Container Environment

Kubernetes securityContext: Linux capabilities in Kubernetes

10 Kubernetes Security Context settings you should understand

Kubesploit: A New Offensive Tool for Testing Containerized Environments

Securing Kubernetes Clusters by Eliminating Risky Permissions

Using Kubelet Client to Attack the Kubernetes Cluster

Eight Ways to Create a Pod

Risk8s Business: Risk Analysis of Kubernetes Clusters

How to Set Up and Manage Logs with Kubernetes

The Current State of Kubernetes Threat Modelling

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

The Basics of Keeping Kubernetes Clusters Secure

The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components

How to Secure Your Kubernetes Cluster

Kubernetes Security 101: Best Practices To Secure Your Cluster

Kubernetes Security

Introducing Kubernetes Goat

Threat Matrix for Kubernetes

Open Sourcing the Kubernetes Security Audit

Amazon EKS Best Practices Guide for Security

Protecting Kubernetes: The Kubernetes Attack Matrix and How to Mitigate Its Threats

Securing the 4Cs of Cloud Native

CVE-2018-18264 Privilege escalation through Kubernetes dashboard

Certified Kubernetes Security Specialist (CKS) exam guide

Books

Hacking Kubernetes by Andrew Martin, Michael Hausenblas

Learn Kubernetes Security by Kaizhe Huang and Pranjal Jumde

Kubernetes Security by Liz Rice and Michael Hausenblas

Container Security by Liz Rice

Kubernetes: Up and Running, Second Edition by Brendan Burns, Joe Beda and Kelsey Hightower

Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß

Certifications

CVEs

Exploring container security: Vulnerability management in open-source Kubernetes

CVE-2019-11247

CVE-2019-11249

CVE-2018-18264

Slides

Communication is Key - Understanding Kubernetes Networking (KubeCon EU 2020)

Seccomp Profiles and you: A practical guide (KubeCon EU 2020)

Advanced Persistence Threats: The Future of Kubernetes Attacks (KubeCon EU 2020)

Help! My Cluster Is On The Internet!

Trainings

Secure Kubernetes

Cloud Native Security Tutorial

Kubernetes Security (Advanced Concepts)

Kubernetes Goat Guide

Katacoda Kubernetes Goat Videos

Attacking and Auditing Docker Containers and Kubernetes Clusters

A Cloud Guru Kubernetes Security

SANS Cloud-Native Security Defending Containers and Kubernetes

Tutorial: Getting Started With Cloud-Native Security - KubeCon EU 2020 - Liz Rice & Michael Hausenblas

Control Plane Security Training

Kubernetes Exam Simulator

Kubernetes Security Workshop

Linux Academy - Kubernetes Security

Repositories / Tools

Learning

kubectl

krew

Bust-a-Kube

kube-goat

Kubernetes Goat

Kubernetes Networking Labs for KubeCon EU 2020 Talk

CNCF Security Audits

Attacking

kubesploit

kubeletctl

kube-hunter

Peirates

Defending

KubiScan

Kubernetes Audit by Trail of Bits

kubeaudit

falco

kubesec

kube-bench

trivy

MKIT

kubetap

kube-forensics

k8s-security-dashboard

CIS Kubernetes Benchmark - InSpec Profile

Kube PodSecurityPolicy Advisor

Inspektor Gadget

Starboard

Advocacy Site for Kubernetes RBAC

Helm-Snyk

Krane

rakkess

kubectl-who-can

Kubernetes Security - Best Practice Guide

External Secrets

KubeLinter

Open Policy Agent

Gatekeeper

Kyverno

Papers

Kubernetes Security Assessment - Final Report - May 2019

Kubernetes Security Whitepaper - June 2019

Kubernetes Threat Model - June 2019

Kubernetes Attack Tree

Attacking Kubernetes - A Guide for Administrators and Penetration Testers

CIS Kubernetes Benchmark

Is Kubernetes secure by default or misconfiguration-proof? (original title: Kubernetes é seguro por default ou à prova de má configuração?) 🇧🇷

Podcasts

TGI Kubernetes

The Podlets

Kubecast

Kubernetes Podcast (from Google)

PodCTL - Enterprise Kubernetes