Certified Kubernetes Security Specialist

Theory | Practice | Full Course

Last updated 2022-01-10 | 4.7


What you'll learn

  • Complete CKS preparation
  • CKS full Theory and Practice
  • Kubernetes Security Concepts
  • Think from a hacker's perspective
  • Deep technical insight into Kubernetes

Requirements

  • Before you attend the real exam you need to hold the CKA
  • Some Kubernetes Admin knowledge, but we also do a recap!

Description

Hi there!


All you need for your Certified Kubernetes Security Specialist preparation in one place!


I'm Kim, Kubernetes Trainer and Author, also the creator of the Killer Shell CKS|CKA|CKAD Simulators.


  • I will present every CKS topic to you in a simple, visual and easy way


  • For every topic we'll also run through various practical hands-on challenges together


  • We'll set up your own CKS cluster together; for this we provide simple scripts!


  • We also have a GitHub course repository with various examples which we use throughout this course


  • Join the Killer Shell private Slack community for exam and topic discussion



Simulator

The CKS simulator used to be included in this course, but not anymore. This is because it's now available with every CKS exam purchase at the Linux Foundation. This way we can offer this course separately and for a better price!



Please expect this course to take more time than just our recorded hours. For most topics you'll need some time to implement the scenarios yourself. Breaks (hours or even days) between sections/topics are also advised to prevent brain implosion :)



Are you ready to dive deep into Kubernetes Security?

Is your goal to become a Kubernetes Certified Security Specialist (CKS)?

### Then this course is for you ###



You should already have some Kubernetes Administrator knowledge before attending this course. And if you would like to attend the real CKS exam, you need to hold a valid CKA certification. But we also do some recap of CKA knowledge at the beginning, so no worries if your knowledge is a bit stale.



Hoping to have you on board and happy learning,

Team Killer Shell


Who this course is for:

  • CKS Attendees
  • Security Specialists
  • Kubernetes Administrators

Course content

31 sections • 187 lectures

  • Welcome 02:30
  • Best Video Quality 00:29
  • Slack Community 00:04
  • K8s Security Best Practices 10:16
  • Cluster Specification 02:43
  • Practice - Create GCP Account 03:47
  • Practice - Configure "gcloud" command 04:53
  • Practice - Create Kubeadm Cluster in GCP 08:40
  • Practice - Firewall rules for NodePorts 01:00
  • Notice: Always stop your instances 01:39
  • Containerd Course Upgrade 01:09
  • Recap 01:03
  • Intro 10:17
  • Container Tools Introduction 06:02
  • Practice - The PID Namespace 03:33
  • Recap 00:42
  • TEST - Docker Container Namespaces 00:02
  • TEST - Podman Container Namespaces 00:02
  • Cluster Reset 00:41
  • Introduction 1 04:09
  • Introduction 2 05:04
  • Practice - Default Deny 03:53
  • Practice - Frontend to Backend traffic 06:15
  • Practice - Backend to Database traffic 07:26
  • Recap 01:00
  • TEST - Default-Deny Network Policy 00:02
  • Introduction 04:09
  • Practice - Install Dashboard 01:08
  • Practice - Outside Insecure Access 04:39
  • Practice - RBAC for the Dashboard 03:34
  • Recap 01:41
  • K8s Docs in correct Version 00:42
  • Introduction 03:56
  • Practice - Create an Ingress 07:38
  • Practice - Secure an Ingress 08:53
  • Recap 00:26
  • Introduction 03:04
  • Practice: Access Node Metadata 02:02
  • Practice: Protect Node Metadata via NetworkPolicy 04:27
  • Recap 00:35
  • Introduction 02:24
  • Practice - CIS in Action 05:17
  • Practice - kube-bench 03:50
  • Recap 01:51
  • TEST - Apply CIS rules for Controlplane 00:02
  • Introduction 01:14
  • Practice - Download and verify K8s release 03:27
  • Practice - Verify apiserver binary running in our cluster 05:12
  • Recap 00:31
  • TEST - Verify Kubelet Binary 00:02
  • Intro 09:10
  • Practice - Role and Rolebinding 05:00
  • Practice - ClusterRole and ClusterRoleBinding 04:01
  • Accounts and Users 04:15
  • Practice - CertificateSigningRequests 09:25
  • Recap 01:00
  • Intro 01:20
  • Practice - Pod uses custom ServiceAccount 04:55
  • Practice - Disable ServiceAccount mounting 03:21
  • Practice - Limit ServiceAccounts using RBAC 02:42
  • Recap 01:07
  • TEST - ServiceAccount Token Mounting 00:02
  • Introduction 04:23
  • Practice - Anonymous Access 04:07
  • Practice - Insecure Access 04:08
  • Practice - Manual API Request 03:39
  • Practice - External Apiserver Access 06:34
  • NodeRestriction AdmissionController 02:02
  • Practice - Verify NodeRestriction 03:45
  • Recap 00:50
  • TEST - Apiserver Manifest Misconfigured 00:02
  • Introduction 06:32
  • Practice - Create outdated cluster 02:22
  • Practice - Upgrade controlplane node 06:20
  • Practice - Upgrade node 03:57
  • Recap 01:06
  • Introduction 03:38
  • Practice - Create Simple Secret Scenario 05:34
  • Practice - Hack Secrets in Container Runtime 05:42
  • Practice - Hack Secrets in ETCD 03:47
  • ETCD Encryption 05:20
  • Practice - Encrypt ETCD 18:42
  • Recap 04:50
  • TEST - Access Secrets in Pods 00:02
  • TEST - Read Secret Values 00:02
  • TEST - ETCD Encryption 00:02
  • Introduction 06:35
  • Practice - Container calls Linux Kernel 03:05
  • Open Container Initiative OCI 03:25
  • Sandbox Runtime Katacontainers 02:10
  • Sandbox Runtime gVisor 02:04
  • Practice - Create and use RuntimeClasses 03:54
  • Practice - Install and use gVisor 06:03
  • Recap 01:07
  • Intro and Security Contexts 03:18
  • Practice - Set Container User and Group 03:47
  • Practice - Force Container Non-Root 02:26
  • Privileged Containers 01:34
  • Practice - Create Privileged Containers 02:50
  • PrivilegeEscalation 00:56
  • Practice - Disable PrivilegeEscalation 01:38
  • PodSecurityPolicies 02:13
  • Practice - Create and enable PodSecurityPolicy 09:20
  • Recap 01:44
  • Cluster Reset 00:41
  • Introduction 05:57
  • Practice - Install OPA 03:19
  • Practice - Deny All Policy 10:39
  • Practice - Enforce Namespace Labels 09:20
  • Practice - Enforce Deployment replica count 04:31
  • Practice - The Rego Playground and more examples 04:13
  • Recap 01:37
  • Introduction 04:49
  • Practice - Reduce Image Footprint with Multi-Stage 06:59
  • Practice - Secure and harden Images 08:10
  • Recap 01:54
  • TEST - Image Footprint User 00:02
  • Introduction 06:54
  • Kubesec 02:12
  • Practice - Kubesec 03:26
  • OPA Conftest 01:31
  • Practice - OPA Conftest for K8s YAML 04:07
  • Practice - OPA Conftest for Dockerfile 03:21
  • Recap 01:18
  • Introduction 07:04
  • Clair and Trivy 01:07
  • Practice - Use Trivy to scan images 04:20
  • Recap 01:04
  • TEST - Scan images using Trivy 00:02
  • Introduction 03:28
  • Practice - Image Digest 03:58
  • Practice - Whitelist Registries with OPA 05:39
  • ImagePolicyWebhook 01:46
  • Practice - ImagePolicyWebhook 09:52
  • Recap 00:38
  • TEST - Complete ImagePolicyWebhook Setup 00:02
  • TEST - Use Image Digest 00:02
  • Introduction 03:22
  • Practice - Strace 04:22
  • Practice - Strace and /proc on ETCD 07:08
  • Practice - /proc and env variables 04:45
  • Practice - Falco and Installation 04:17
  • Practice - Use Falco to find malicious processes 05:23
  • Practice - Investigate Falco rules 04:50
  • Practice - Change Falco Rule 08:43
  • Recap 01:29
  • TEST - Syscall Activity Strace 00:02
  • Introduction 03:34
  • Ways to enforce immutability 04:47
  • Practice - StartupProbe changes container 03:34
  • Practice - SecurityContext renders container immutable 04:51
  • Recap 00:50
  • TEST - Immutability Readonly Filesystem 00:02
  • Introduction 11:39
  • Practice - Enable Audit Logging in Apiserver 05:52
  • Practice - Create Secret and check Audit Logs 03:05
  • Practice - Create advanced Audit Policy 10:12
  • Practice - Investigate API access history 10:57
  • Recap 01:22
  • TEST - Enable Audit Logging 00:02
  • Introduction 02:45
  • AppArmor 02:43
  • Practice - AppArmor for curl 06:08
  • Practice - AppArmor for Docker Nginx 05:56
  • Practice - AppArmor for Kubernetes Nginx 05:39
  • Seccomp 03:33
  • Practice - Seccomp for Docker Nginx 02:38
  • Practice - Seccomp for Kubernetes Nginx 07:46
  • Recap 01:32
  • Introduction 04:53
  • Practice - Systemctl and Services 02:05
  • Practice - Install and investigate Services 04:49
  • Practice - Disable application listening on port 02:02
  • Practice - Investigate Linux Users 04:33
  • Recap 01:05
  • TEST - Close Open Ports 00:02
  • TEST - Manage Packages 00:02