
Building a Kubernetes Breach & Attack Simulation Program From Scratch: A Hands-On Practical Guide

This workshop will begin by explaining the goals and objectives of a Kubernetes Breach & Attack Simulation (BAS) program. It will cover fundamental terms and address why BAS is crucial for Kubernetes environments and how to implement it effectively.

It will delve into Kubernetes architecture, explaining the roles of the various components within its ecosystem. Next, it will include threat modeling of Kubernetes cluster components to explain the cluster's attack surface. This section will also feature a Kubernetes attack matrix (mapped to MITRE) to illustrate various potential attack vectors.

To provide an understanding of how to initiate and mature a Kubernetes BAS program, we will discuss a K8s BAS Maturity Matrix. This will help participants learn how to start from scratch and gradually enhance their defenses within a Kubernetes environment.

The workshop will then explore how to conduct atomic testing for a Kubernetes BAS program and progress towards micro and full emulation. This section will also explain the necessary architecture for this setup.

Finally, we will provide a live demo of an end-to-end attack simulation on a Kubernetes cluster. Using a Python-coded scenario, this demo will showcase how to execute a MITRE ATT&CK-mapped attack (Full Emulation plan), step-by-step, on a K8s cluster.

The aim is to not only simulate a realistic attack but also to identify potential detection gaps and areas for improvement in the current defense strategies.

Monty Shyama
Monty Shyama is a Threat Detection Engineer at CRED, where he focuses on safeguarding dynamic cloud environments and building effective incident response strategies. With deep technical expertise as a Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA), Monty specializes in Kubernetes—the industry standard for container orchestration. He has shared his knowledge at prominent conferences such as ElasticON and Antisyphon Training, presenting on topics including cloud-native security and streamlined incident response. Beyond his professional responsibilities, Monty actively contributes to the cybersecurity community through blog posts, articles, and open-source projects. He is also a dedicated mentor, guiding aspiring security professionals as they navigate the complexities of this fast-evolving field.