Welcome to AWS EKS Security Masterclass

Welcome to EKS Goat: AWS EKS Security Masterclass, a comprehensive and hands-on workshop designed to elevate your understanding of AWS Elastic Kubernetes Service (EKS) security. This immersive course is tailored for security professionals and enthusiasts who seek to gain deep insights into securing containerized environments and EKS clusters on AWS.

Workshop Website

Access the EKS Security workshop content here:
https://ekssecurity.kubernetesvillage.com

Alternate Link

In case of accessibility issues, you can use the following link:
https://ekssecurity.netlify.app/

Authored by Anjali & Divyanshu

Workshop Overview

The EKS Goat: AWS EKS Security Masterclass is an immersive security workshop designed to take participants through real-world scenarios of attacking and defending Kubernetes clusters hosted on AWS EKS.

This workshop provides a comprehensive approach, from understanding the anatomy of attacks on EKS clusters to deploying robust defense mechanisms. Participants will learn how to exploit misconfigurations and vulnerabilities within AWS EKS, followed by the implementation of best security practices to safeguard the environment.

Key Takeaways:

• Hands-on labs focused on exploiting EKS misconfigurations.
• Techniques for lateral movement, privilege escalation, and post-exploitation in AWS EKS.
• Deep dive into securing AWS EKS clusters by leveraging IAM roles, Kubernetes RBAC, and network policies.
• Best practices for automating vulnerability detection and defense mechanisms in AWS EKS environments.

This workshop is tailored for security professionals, cloud engineers, and DevOps teams looking to enhance their understanding of offensive and defensive Kubernetes security strategies.

About Us:

• Anjali is a senior cloud security engineer & founder of Kubernetes Village. She has over 5 years of experience in cloud security ( GCP, AWS & Azure )and DevSecOps (CI/CD), Kubernetes (EKS & GKE), and IAC security. She was a member of the Infosec Girls mentorship program and regularly publishes research on various cloud security via youtube channel @peachycloudsecurity. She was a volunteer at Defcon Cloud Village and currently leads the Bangalore chapter for W3-CS. Additionally, she is an AWS Community Builder. She has delivered training and talks at conferences like Blackhat Spring’24, Blackhat Europe’23, Bsides Bangalore 2023/2024, CSA Bangalore Annual Summit, C0c0n 2023, Null Community Meetup Bangalore, Google Cloud IAP Security at the Cloud Security Podcast, and Nullcon 2023.

• Divyanshu is a senior security engineer with more than 7 years of experience in Security architecture reviews of Cloud, Web & Cloud Pentesting, DevSecops, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author Burp-o-mation and a very-vulnerable-serverless application. Also part of AWS Community Builder for security and was a Defcon Cloud Village crew member 2020/2021/2022. He has also given training and talks in events like Nullcon Hyderabad'24, Brucon'24, Blackchat Europe Arsenal'23, C0c0n'24, Nullcon Goa'24, Bsides Bangalore'23, Parsec IIT Dharwad and Null community. Awarded title of Cloudsecurity Champion CSA Bangalore'23 & Cybersecurity Samurai at the Bsides Bangalore'23.

Contact Us

• Find Us Here ˗ˏˋ ♡ ˎˊ˗
  • Kubernetes Village ₊ ⊹
  • Anjali 👩🏻
  • Divyanshu 🙎🏻‍♂️

Excited About the Class:

• Share on Linkedin

🚨🚨

⚠️ IMPORTANT NOTICE: Please use a new or dedicated AWS account for these operations. Some commands may delete data or resources within the AWS environment. The author assumes no responsibility for any data loss or unintended consequences resulting from the use of these commands.

⭐⭐⭐⭐⭐