Back to Pre-Conference Training Page

Back to Conference Home Page

Kubernetes Security Capture the Flag (CTF)

Half-Day Interactive (Classroom) Training - OWASP New Zealand Day 2024

Abstract

Attendees will be let loose on a realistic, production-like Kubernetes cluster, each player must navigate scenarios and thwart ControlPlane’s long-time adversary Captain Hashjack. They will enumerate, exploit and escalate their way to buried treasure (hidden flags) scattered throughout the cluster.

Target Audience

• Web developers creating containerised applications
• Platform teams
• DevOps practitioners

Course Details

Dates: Wednesday, 4 September 2024

Time: 1:45 to 5:30 p.m. (NZST)

Instructor: Rob Kenefeck and Mario Weigel (Control-Plane.io)

Course Fee: NZ $250.00 (plus GST and ticketing fees)

Registration Site: https://events.humanitix.com/owaspnz2024-training

Maximum Enrolment: 36 attendees

Prerequisites - What Students Should Bring

• A laptop with Internet access and an installed SSH client

Course Description

Delve deeper into the dark and mysterious world of Kubernetes security. Start your journey deep inside the target infrastructure, collecting flags as you exploit your position in the environment and hunt for vulnerabilities, thwarting Captain Hλ$ђ𝔍∀¢k in his quest of destruction.

Attendees can play Beginner to Intermediate scenarios to bushwhack their way through the jungle of Kubernetes security. Attendees will be hands-on to understand more about core Kubernetes components and how they can be misconfigured and compromised.

Each attendee will be given access to their own Kubernetes cluster built within our bespoke sandboxed training environment. A laptop with an SSH client is required to participate.

Your Instructors

Rob Kenefeck is a Principal Consultant with more than 15 years of experience in designing, building, and deploying cloud native platforms. Rob likes to talk about how Security is fundamental to DevOps, how Kubernetes often isn’t the best answer to your problem, and his lived experience of Site Reliability Engineering. Rob has been Automating toil in Linux for 20 years, but when Kubernetes came along he was initially dismissive; after all, he was already building everything in Containers with Docker and orchestrating in a variety of semi-manual ways. Rob has since come to appreciate all it can do and also what its limitations are and when NOT to use it.

Rob has taught DevOps courses and Kubernetes courses while also helping large enterprises setup internally managed Kubernetes platforms with a product based mindset.

Mario Weigel - Bio coming soon