⚠️ AWS ECR & EKS Security Masterclass - From Exploitation to Defense ⚠️

Authored by Anjali Shukla & Divyanshu Shukla for kubernetesvillage community.

Workshop Overview

The AWS EKS Red Team Masterclass - From Exploitation to Defense is an immersive workshop designed to take participants through real-world scenarios of attacking and defending Kubernetes clusters hosted on AWS EKS.

This workshop provides a comprehensive approach, from understanding the anatomy of attacks on EKS clusters using AWS ECR to deploying robust defense mechanisms. Participants will learn how to backdoor AWS ECR image & exploit misconfigurations and vulnerabilities within AWS EKS, followed by the implementation of best security practices to safeguard the environment.

• Key Takeaways:
  • Hands-on labs focused on exploiting EKS misconfigurations.
  • Techniques for lateral movement, privilege escalation, and post-exploitation using AWS ECR in AWS EKS .
  • Deep dive into securing AWS EKS clusters by leveraging IAM roles and AWS ECR.

This workshop is tailored for security professionals, cloud engineers, and DevOps teams looking to enhance their understanding of offensive and defensive Kubernetes security strategies.

🚀 Prerequisites for EKS Security Workshop 🚀

• ❗ Gmail Account
  • Gmail account to access the documentation.
• 🔧 GitHub Codespace Setup
  • Set up GitHub for Codespace so that the lab can be configured & deployed.
• 🔑 Bring Your Own AWS Account
  • Participants are required to bring an AWS account with billing enabled and admin privileges.
• 💻 Laptop with Browser
  • Laptop with an updated browser (Administrative Privileges if required).

Setup & Walkthrough Documentation

• Deployment Documentation

Credits

Reach out in case of missing credits.

• Kubernetes Architecture
• Credits for image: Offensive Security Say – Try Harder!
• madhuakula
• vulhub
• Amazon EKS Security Immersion Day
• eksworkshop.com - GuardDuty Log Monitoring
• Kubernetes Architecture
• Tech Blog by Anoop Ka - Kyverno
• Microsoft Attack Matrix for Kubernetes
• Datadog Security Labs - EKS Attacking & Securing Cloud Identities
• HackTricks AWS EKS Enumeration
• AWS EKS Best Practices
• Amazon EMR IAM Setup for EKS
• AWS EKS Pod Identities
• Anais URL - Container Image Layers Explained
• GitLab - Beginner’s Guide to Container Security
• Wiz.io Academy - What is Container Security
• JFrog Blog - 10 Helm Tutorials
• Datadog Security Labs - EKS Cluster Access Management
• ChatGPT - For Re-phrasing & Re-writing
• Okey Ebere Blessing - AWS EKS Authentication & Authorization
• Microsoft Blog - Attack Matrix for Kubernetes
• Subbaraj Penmetsa - OPA Gatekeeper for Amazon EKS
• Open Policy Agent GitHub
• OPA Gatekeeper Documentation
• Gatekeeper Library on GitHub
• CDK EKS Blueprints - OPA Gatekeeper
• AWS EKS Documentation
• Datadog Security Labs - EKS Attacking & Securing Cloud Identities
• Cloud HackTricks Kubernetes Enumeration
• Attacking & Defending Kubernetes training

Note: Currently unable to provide the support in case facing any deployment issue. This lab is for educational purposes only. Do not attack or test any website or network without proper authorization. The trainers are not liable or responsible for any misuse and this course provided independently and is not endorsed by their employers or any other corporate entity. Refer to disclaimer section at ekssecurity.kubernetesvillage.com