Building a Kubernetes Breach & Attack Simulation Program From Scratch: A Hands-On Practical Guide
This workshop will begin by explaining the goals and objectives of a Kubernetes Breach & Attack Simulation (BAS) program. It will cover fundamental terms and address why BAS is crucial for Kubernetes environments and how to implement it effectively.
It will delve into Kubernetes architecture, explaining the roles of various components within its ecosystem. Next, it will include threat modeling of Kubernetes cluster components to explain the cluster's attack surface. This section will also feature a Kubernetes attack matrix (mapped to MITRE) to illustrate various potential attack vectors.
To provide an understanding of how to initiate and mature a Kubernetes BAS program, we will discuss a K8s BAS Maturity Matrix. This will help participants learn how to start from scratch and gradually enhance their defenses within a Kubernetes environment.
The workshop will then explore how to conduct atomic testing for a Kubernetes BAS program and progress towards micro and full emulation. This section will also explain the necessary architecture for this setup.
Finally, we will provide a live demo of an end-to-end attack simulation on a Kubernetes cluster. Using a Python-coded scenario, this demo will showcase how to execute a MITRE ATT&CK-mapped attack (Full Emulation plan), step-by-step, on a K8s cluster.
The aim is to not only simulate a realistic attack but also to identify potential detection gaps and areas for improvement in the current defense strategies.
