Attacking and Defending Kubernetes

Kubernetes has become the default way organizations run software at scale — and so many security professionals don’t get to see how it’s really attacked. This two-day, hands-on course closes that gap.

Learn to attack and defend Kubernetes from Jay Beale — creator of the DEF CON Kubernetes Capture the Flag, Bastille Linux, the Peirates Kubernetes attack tool, and the Bust-a-Kube CTF cluster. This well-reviewed training teaches practical Kubernetes attack techniques drawn from real penetration tests, paired with the defenses that stop them. You’ll attack Kubernetes itself, the containers it orchestrates, and the Linux hosts that run them — then learn how to break every one of those attack paths.

You don’t need to be a Kubernetes veteran or Linux expert – this class builds your understanding from the ground up, so you leave able to reason about how these systems really work rather than just memorizing commands. More than half the course is hands-on, in a live lab environment.

We begin by building a container without Docker or any container runtime, so you gain a true understanding of what a container actually is and what it isn’t. From there, we explore how Kubernetes orchestrates containerized workloads across machines, and how attackers exploit weaknesses in that model.

You’ll discover and exploit Kubernetes role-based access control (RBAC) authorization flaws, covering both everyday misconfigurations and deeper design-level weaknesses. You’ll break out of containers, compromise worker nodes, and use what you find on those nodes to escalate privilege and take over the entire cluster. You’ll perform these attacks by hand — so you understand what’s happening at each step — and with open source tools like Peirates. Every attack exercise pairs with a defensive component: you’ll harden the environment, break your own attack path, and proactively close off the related paths an attacker would try next.

The course ends with a capstone Capture the Flag challenge where you put your new skills to work. Come learn, attack, defend, and play!

Why Take This Class?

Most security professionals are now responsible for Kubernetes whether they asked for it or not, yet very few have ever seen how it’s actually attacked — and this class gives you that attacker’s-eye view along with the defenses that stop each attack.

You’ll learn directly from Jay Beale, who built the tools and challenges the field trains on, including Peirates, Bust-a-Kube, and the DEF CON Kubernetes CTF.

It’s designed to stick: more than half your time is hands-on in a live lab, building a container from scratch, breaking out of one, taking over a cluster, and then shutting each of those paths down. Because every attack is paired with its defense, you leave not just knowing how Kubernetes fails but how to make it hold. And you don’t need to arrive as a Kubernetes or Linux expert — the class builds from the ground up, making it a genuine on-ramp into one of the most in-demand corners of security.