Thanks Vincent van Houten and Ilona D. for giving this nice container and Kubernetes workshop from Secura I will go further with this Kubernetes Goat you tipped at home 😬

🚀🔧 Série de Lives sobre Kubernetes - Attacking and Defending!🔧🚀 📅 Analisando camadas de container docker - Kubernets Goat 🗓️ 27/06 🕘 21h 🎙️ Thiago Muniz Dando continuidade à nossa série de lives sobre Kubernetes - Attacking and Defending, Thiago Muniz vai abordar o tema “Analisando camadas de container docker” usando o projeto Kubernetes Goat. Esta é uma oportunidade única para aprender técnicas avançadas de segurança em Kubernetes. Não percam essa sessão prática e enriquecedora! 📢 lnkd.in/dcJNqSYi \#KubernetesGoat #AttackingAndDefending #KubernetesSecurity See translation

💥 Today, we're announcing Unified Supply Chain and Runtime Security for Kubernetes. 📢 “With today’s product enhancements, #DevOps and #SecOps teams can enable fast and secure software development by aligning on risk-based policies, security controls, and detections across different container environments and workflows.” - Ganesh Pai With our new automated code and runtime protections, your organization can align on policies, enforce them anywhere, and define remediation workflows — all from a single console. #DevSecOps teams can now automate shift-left security controls using fine-grain image policies to detect #vulnerabilities, #malware, and misplaced secrets throughout the #SDLC. Uptycs also added #Kubernetes Goat-based detections and incident response for critical Kubernetes security and misconfiguration scenarios, such as container escape and server-side request forgery (SSRF) exploitation. Read the release here: lnkd.in/gZkSxVJN #KubeConNA #KubeCon #KubeCon2023 #CNCF #KubernetesSecurity #K8s Cloud Native Computing Foundation (CNCF) #CloudNative #CloudNativeCon #Uptycs

I wrote a blog post about installing Kubernetes Goat and solving the first two scenarios. The first scenario covers the risks of storing sensitive information in codebases, while the second scenario shows how attackers can exploit Docker-in-Docker configurations. Check out my blog post to learn more! lnkd.in/dJYkES6Q

How do you spot security vulnerabilities in a Cloud Native application? Great question! Check out our latest blog where we explore vulnerabilities in Kubernetes Goat using Panoptica. cs.co/6044PQY7k #security #cloudnative #kubernetes

My pull request into Kubernetes Goat project has been accepted by Madhu Akula, it is a showcase of Kubernetes Goat on Amazon EKS which I collaborated on with Christophe Limpalair from Cybr #devsecops #cybersecurity #aws check it out!

🚀 Ready to level up your Kubernetes Pentesting skills? 🐐🌟 Setting up your own Kubernetes Goat Pentesting Lab can be an invaluable way to master how to pentest this powerful orchestration tool! 🎯🔍 🔧 Step 1: Get Your Tools Ready First things first, ensure you have the necessary resources: a cloud provider (like AWS, GCP, or Azure), a decently specced machine (Virtual Machine on VMWare or Virtualbox), and a reliable internet connection. 📚 Step 2: Gather Learning Materials Compile tutorials, guides, and resources from the vast wealth available online. Platforms like Kubernetes documentation, KubeAcademy, and CNCF resources are goldmines. 🏗️ Step 3: Set Up Your Cluster Utilize tools like kubectl, minikube, or managed services from your cloud provider to deploy a Kubernetes cluster. Ensure security measures are in place. 🐐 Step 4: Deploy Kubernetes Goat Kubernetes Goat is an intentionally vulnerable Kubernetes cluster environment with multiple scenarios that can be used to learn and practice Kubernetes security. Follow this link on how to deploy Kubernetes Goat lnkd.in/daWdjj6z in your cluster. 🧪 Step 5: Experiment & Learn Kubernetes goat has more than 20 scenarios covering attack, defense, etc. Learn how to harden Kubernetes by solving these scenarios. Embrace trial and error—it's the best teacher! 🌐 Step 6: Network & Collaborate Engage with the Kubernetes community, join forums, attend meetups, and collaborate on projects. Learning is amplified when shared. 🚀 Step 7: Iterate & Innovate Continue refining your skills, exploring advanced concepts, and pushing the boundaries of what you can achieve with Kubernetes. Remember, learning Kubernetes is an ongoing journey. Embrace challenges, celebrate victories, and never stop exploring. 🌟💻 Let's empower ourselves and each other in this amazing tech space! 🚀✨ What are your top tips for mastering Kubernetes security? Share your thoughts in the comments below! Let's learn together. 👇💬 Kubernetes

Hum.. après le GOAD (Game Of Active Directory ) que l’on a expérimenté en SAE Cyber cette année (il y’a d’ailleurs un très bon article à ce sujet sur le dernier MISC (lnkd.in/enrRVuBA) merci Cyril Servieres Ce Kube Goat pourrait être un bon candidat pour l’année prochaine. Rate this translation Humph.. after the GOAD (Game Of Active Directory) that we experimented in SAE Cyber this year (there is a very good article on this subject on the last MISC (lnkd.in/enrRVuBA) thank you Cyril Servieres This Kube Goat could be a good candidate for next year.

K U B E R N E T E S. A dreaded 10 letter word for me up until recently. Well over here, we face our fears. Join me as I set up a vulnerable Kubernetes environment using Kubernetes Goat by Madhu Akula. This setup will be the beginning of many labs in a Kubernetes security series starting with an offensive approach and then eventually getting into the defensive (detection & response). #kubernetes #kubernetessecurity #kubernetesmanagement #k8s #cloudnative #cloudsecurity …more

If you haven't heard of Kubernetes Goat here is your chance. This Vulnerable by Design Kubernetes environment helps you to learn and discover Kubernetes vulnerabilities in different scenarios. In my experience, it's great, and I highly recommend it on whatever side you're on! Big shout out to Madhu Akula & other Kubernetes Goat developers who bring such an awesome project to our table! #kubernetes #k8s #k8ssecurity

🚀 𝗘𝘅𝗽𝗹𝗼𝗿𝗶𝗻𝗴 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗚𝗼𝗮𝘁: 𝗔 𝗠𝘂𝘀𝘁-𝗛𝗮𝘃𝗲 𝗧𝗼𝗼𝗹 𝗳𝗼𝗿 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝗻𝘁𝗵𝘂𝘀𝗶𝗮𝘀𝘁𝘀! 🚀 🔒 As a web application penetration testing intern at ADIAS, I've had the chance to dive deep into various security tools and platforms. One standout resource that I've found incredibly valuable is 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗚𝗼𝗮𝘁. 🌟 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗚𝗼𝗮𝘁? Kubernetes Goat is an intentionally vulnerable Kubernetes cluster environment. It is designed to educate and train security professionals about common vulnerabilities and security misconfigurations in Kubernetes clusters. Think of it as a playground where you can hone your skills in a controlled, safe environment. 🔍 𝗪𝗵𝘆 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗚𝗼𝗮𝘁? - 𝗛𝗮𝗻𝗱𝘀-𝗢𝗻 𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴: Kubernetes Goat provides practical, hands-on experience in identifying and exploiting vulnerabilities in Kubernetes clusters. - 𝗥𝗲𝗮𝗹-𝗪𝗼𝗿𝗹𝗱 𝗦𝗰𝗲𝗻𝗮𝗿𝗶𝗼𝘀: The scenarios mimic real-world situations, helping you understand how attackers might exploit weaknesses in your infrastructure. - 𝗦𝗸𝗶𝗹𝗹 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁: Whether you're a beginner or an experienced professional, Kubernetes Goat helps you build and refine your Kubernetes security skills. 📈 𝗞𝗲𝘆 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆𝘀: - 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Learn about the most common security issues and how to address them. - 𝗘𝗻𝗵𝗮𝗻𝗰𝗲 𝗬𝗼𝘂𝗿 𝗦𝗸𝗶𝗹𝗹𝘀: Improve your ability to secure Kubernetes clusters and respond to potential threats. - 𝗦𝘁𝗮𝘆 𝗔𝗵𝗲𝗮𝗱 𝗼𝗳 𝗧𝗵𝗿𝗲𝗮𝘁𝘀: By practicing in a simulated environment, you can stay ahead of potential threats and better protect your organization's infrastructure. 💡 𝗛𝗼𝘄 𝘁𝗼 𝗚𝗲𝘁 𝗦𝘁𝗮𝗿𝘁𝗲𝗱: 1. Visit lnkd.in/djsT9fUY to find installation instructions and resources. 2. Deploy Kubernetes Goat in your environment. 3. Start exploring the various scenarios and challenges! 🙌 𝗝𝗼𝗶𝗻 𝘁𝗵𝗲 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝘁𝘆: Engage with a vibrant community of security professionals who are passionate about Kubernetes security. Share your experiences, learn from others, and contribute to improving the security landscape. 🔗 lnkd.in/djsT9fUY A big thanks to Madhu Akula for creating this fantastic tool and contributing to the security community! Let's continue to build and maintain secure Kubernetes environments! 🌐🔐 #Kubernetes #KubernetesGoat #DevSecOps #CyberSecurity #CloudSecurity #PenetrationTesting #ADIAS #Learning #SecurityAwareness

Kubernetes Goat: Attack & Defense Guide — Scenario 1: Sensitive Keys in Codebases #WorkSmartWithK8s #kubernetes #vulnerabilities #goatlab #pentest #scenario #devsecops

Just released the latest TestGuild newsletter featuring the biggest news item in #automationtesting #devops #performancetesting #sre and #securitytesting for the week of May 1st with: Applitools #ux #ui mabl #accessibility #testing Marie Drake Cypress.io Experitest (now Digital.ai) #AI #ML #insights Marcus Merrell Sauce Labs Deque Systems, Inc Alexander Podelko #loadtesting #bencgmarking #workshops Mark Lambert Madhu Akula

Join us for a free hands-on demo of attacking and defending Amazon EKS (and Kubernetes in general) using Kubernetes Goat. 🐐 Kubernetes Goat is an open source and interactive #Kubernetes security learning playground. It has intentionally vulnerable scenarios to showcase common misconfigurations, real-world vulnerabilities, and security issues in Kubernetes clusters, #containers, and cloud native environments. Georgi Vodenitcharov, CISSP will walk us through: 📌 How to use Kubernetes Goat 📌 An example exploit 💥 📌 How to defend EKS We'll start off by providing an overview of installing and setting up Kubernetes Goat. Then Georgi will walk us through one of the exploits, before we move on to discussing defenses. We'll explore both free tools and #AWS native defenses. Date/Time 🗓️ Tuesday January 23rd, 2023 ⏰ 02:00 PM PST / 03:00 PM MST / 5:00 PM EST ✅ Register your spot and mark your calendars: lnkd.in/giBvD8tz #containersecurity #awscloud

Happy Monday all 👋🏻 If you're interested in learning Kubernetes security and most common misconfigurations, go check out my last video on Kubernetes Security 101. In this video I give a brief introduction on Kubernetes, what are the main components (node & pod, configmap & secret, deployment etc.), talk about a simplified K8s Architecture and diagram, proceed with local setup using Minikube, kubectl and much more. Then we'll work on a playground called "Kubernetes Goat" which is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Kudos to Madhu Akula for this brilliant open-source playground. 🔥It's a great learning resource on Kubernetes misconfigurations. Stay tuned for more Cloud/Kubernetes/Docker Security content. Cheers!

Check out this awesome Kubernetes security cheat sheet by Christophe Limpalair based on the talk we did together on #Kubernetes Goat hosted by Cybr. #devsecops #kubernetes

New blog post is up! This time I walk you through making a beginner-friendly homelab for Kubernetes threat detection. Check it out: lnkd.in/euTCbDC6 🙌 : Kali Linux | Minikube | Falco | Cloud Native Computing Foundation (CNCF) | Madhu Akula | Kubernetes Goat | Red Canary | Atomic Red Team | Sysdig