Talk to an Instructor:
Jonas Felix
Security of container- and Kubernetes-based systems can easily get out of hand. eBPF is a technology that lets us quasi X-ray our entire infrastructure and applications.
This course will show you how to drastically simplify your security maintenance by combining observability, network, performance and security eBPF tools, so that neither attackers nor vendors can hide from you.
We are happy to conduct tailored courses for your team - on-site, remotely or in our course rooms.
The main objective of this course is to empower you to find what matters fast: from understanding the 8 basic attack classes, to fighting alert fatigue with anomaly detection, to automating as much as possible. My goal is to give you tools and techniques to become cyber-resilient on Kubernetes.
What to look for:
- Container Primitives Deep Dive: security starts here
- Break down the attack classes of containerized systems on Linux:
  - Container escapes
  - Insecure volumes and mounts
  - Abuse of capabilities
  - Pivots over sockets
  - Roles and identities (RBAC) abuse
  - Token impersonation
  - Misc
- Different approaches to effective threat modelling (mini Workshop)
How to find it:
- Zero Days and the power of anomaly detection (Inspector Gadget)
- Making network policies secure-by-default
- How to keep all your rules up to date (Bill of Behavior)
- EU CRA: I have 24 hrs to detect a breach -> how do I achieve this?
- Making threats observable with CNCF Pixie and Kubescape:
  - Find vulnerable libraries
  - How to inspect memory (using CRIU)
  - How to introspect SSL traffic
  - How to identify data exfiltration
How to fix it:
- Building container images: how to measure true quality
- Dos and Don'ts in CI/CD design
- Forensic storage vs PII compliance: what to avoid
- Audit yourself: continuous hardening via automation
  - Block vulnerable code from executing
- Control loop decoupling and breach containment (theory)
- Making network policies secure-by-default
- How to keep all your rules up to date (Bill of Behavior)
- Optional: Identity federation, Linux Security Modules, "CVE of the day"
- Optional: Discretionary Access Control
The concepts you will learn apply across most container-based systems running on Linux and are cloud-agnostic. Some highlighted CVEs may affect only certain providers.
Kernel knowledge is NOT required; solid Linux knowledge is required.
The entire course is hosted in live hands-on labs: get a taste right now https://labs.iximiuz.com/courses/discoverebpf-0d7c6c54
Disclaimer: The actual course content may vary from the above, depending on the trainer, implementation, duration and constellation of participants.
Whether we call it training, course, workshop or seminar, we want to pick up participants at their point and equip them with the necessary practical knowledge so that they can apply the technology directly after the training and deepen it independently.
Defend your Kubernetes efficiently, protect your mental health, leverage the magic of eBPF
Through a balanced mixture of theory and practice, our experienced trainer guides the participants through the various topics, accompanied by live demonstrations and practical exercises to deepen understanding.
Software or system engineers, security engineers, CISOs
Solid Linux knowledge is required and Kubernetes basics are very helpful. Reasonable basic experience with open source, DevOps and IT security is highly desirable.
You do NOT require Kernel knowledge.
Every participant will receive a questionnaire and a preparation checklist after registration. We provide a comprehensive laboratory environment for each participant, so that all participants can directly implement their own experiments and even complex scenarios.
Sign up for the waiting list for more public course dates. Once we have enough people on the waiting list, we will determine a date that suits everyone as much as possible and schedule a new session. If you want to participate directly with two colleagues, we can even plan a public course specifically for you.
eBPF (extended Berkeley Packet Filter) has its roots in the classic Berkeley Packet Filter (BPF), which was created in the early 1990s to efficiently filter network packets. The modern eBPF was a significant redesign led by Alexei Starovoitov and was merged into the Linux kernel in 2014.
The "extended" part is key: eBPF evolved from a simple packet filter into a general-purpose, event-driven virtual machine inside the Linux kernel. It allows sandboxed programs to be attached to various kernel hooks (syscalls, network events, tracepoints) to safely and efficiently extend kernel capabilities without changing kernel source code or loading kernel modules.
This programmability has made eBPF the foundation for a new generation of high-performance networking, observability, and security tools in the cloud-native ecosystem, including projects like Cilium, Falco, Pixie and Kubescape. It is now governed by the eBPF Foundation under the Linux Foundation.
Training-Centers:
Basel:
- Aeschenplatz 6, 4052 Basel
Zurich:
- HWZ, Lagerstrasse 5, 8004 Zürich
Company address:
felixideas GmbH
Baslerstrasse 5a
4102 Binningen