Kubernetes is now the backbone of modern infrastructure - and one of the most attractive targets for attackers. As such, I'm excited to bring a hands-on workshop focusing on the security of Kubernetes to hackArcana. Here's some useful info about it:

  • Workshop: Practical Deep Dive into Kubernetes Security
  • Format: Live online (with instructors), exercise-based workshop
  • Instructors: Jarosław Jedynak, Michał Leszczyński (I've worked and played/made CTFs with them - they are SOLID!)
  • Duration: 18 hours over 6 weeks (6 modules)
  • Recordings: All sessions are recorded and available for at least 3 months
  • Schedule: Tuesdays, 7 PM CEST, 9.06, 16.06, 23.06, 30.06, 07.07, 14.07
  • Language: English
  • Level: Intermediate (you should know the basics of K8s)

You can find all the details on the workshop's page, but here's also the agenda:

Module 1 - Kubernetes Architecture
Session: June 9th, Tuesday, 7 PM CEST

  • Kubernetes components and how they interact
  • Threat modeling the cluster: what attackers target and why
  • Workshop environment walkthrough and lab access
  • First hands-on exercises: exploring the cluster from an attacker's perspective

Module 2 - Build Phase Security
Session: June 16th, Tuesday, 7 PM CEST

  • Container image pitfalls and common misconfigurations
  • Source code and dependency scanning in CI/CD pipelines
  • Supply chain risks: what happens before the image reaches the cluster
  • Lab: identifying and fixing vulnerable image builds

Module 3 - Deploy Phase Security
Session: June 23rd, Tuesday, 7 PM CEST

  • Image signing and verification
  • Namespaces, pod security standards, and admission policies
  • Secrets management: what goes wrong and how to fix it
  • Lab: hardening deployment manifests and catching misconfigurations before they reach production

Module 4 - Runtime Phase Security
Session: June 30th, Tuesday, 7 PM CEST

  • Service account tokens and their abuse
  • Cloud environment pitfalls and metadata API attacks
  • Privilege escalation and container breakout scenarios
  • Lab: reproducing real runtime attack paths and applying mitigations

Module 5 - Administration, Access Control, and Networking
Session: July 7th, Tuesday, 7 PM CEST

  • Authentication mechanisms and common weaknesses
  • RBAC deep dive: misconfigurations, auditing, and least privilege
  • Admission controllers and policy enforcement
  • CNI configuration, network policies, firewalls, and network-level attacks
  • Service meshes and their role in cluster security
  • Lab: attacking and hardening cluster access and network segmentation

Module 6 - Low-Level Container Security
Session: July 14th, Tuesday, 7 PM CEST

  • Linux namespaces, cgroups, and capabilities in depth
  • Seccomp profiles: building and applying them
  • Kernel exploits and container escape techniques
  • Wrap-up, Q&A, and next steps in your Kubernetes security journey
  • Lab: hands-on container isolation assessment and hardening

The workshop starts on June 9th and you can secure your place (and later your K8s) here: Sign up!
