Presented at DEF CON 33 (2025), Aug. 8, 2025, 2 p.m. (240 minutes).
Kubernetes has transformed how we deploy applications, but its complexity has created a new attack surface that threat actors actively exploit. This workshop delivers practical experience exploiting and defending against dangerous misconfigurations found in production environments.
Based on extensive research and the popular Kubernetes Goat platform, you'll work through realistic attack scenarios including privilege escalation, container escapes, lateral movement, and persistence techniques. For each vulnerability exploited, you'll implement corresponding defenses using Kubernetes-native controls.
Our pre-configured environment with vulnerable applications lets you focus on mastering both offensive and defensive techniques. You'll gain:
* Hands-on experience exploiting critical misconfigurations
* Methodology for identifying vulnerabilities in your clusters
* Skills implementing defenses across the Kubernetes lifecycle
* Ready-to-use templates for securing production environments
Whether securing Kubernetes or adding cloud-native exploitation to your skillset, this workshop delivers actionable knowledge through guided practice rather than abstract concepts.
Presenters:
- Madhu "madhuakula" Akula - Pragmatic Security Leader
Madhu Akula is a pragmatic security leader and the creator of Kubernetes Goat, an intentionally vulnerable-by-design Kubernetes cluster for learning and practicing Kubernetes security. He is also a published author and Cloud Native Security Architect with extensive experience, and an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc.). He holds industry certifications including CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), and OSCP (Offensive Security Certified Professional).
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200 companies and organizations, including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, and Adobe, and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible 2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible, and the technical reviewer for the Learn Kubernetes Security and Practical Ansible 2 books from Packt Pub. He also won first prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.