Review: Hacking and Securing Kubernetes cluster — The offensive labs

As every company is moving toward Docker and Kubernetes as a security professional, I always wanted to learn more about Kubernetes, how to attack and defend from common security pitfalls, while going through the internet for a different course, I stumbled upon the course from the offensive labs, which is called Hacking and Securing Kubernetes Cluster, when I gleaned through the curriculum, it was easy to make the decision as the course covered most of the concepts which I wanted to learn and you can apply directly in your day job.

Image for post
Image for post
Image courtesy: The Offensive Labs

Who should take this course?

  1. Pentesters / Appsec
  2. Developers / DevOps

What is in this course?

The course takes the approach of Zero to Hero mindset which is as mentioned below

  1. Introduction to Kubernetes and fundamentals.
  2. Then, it introduces you to how to build your own Kubernetes cluster (lab)
  3. Different attack surface / Threat model of Kubernetes
  4. AuthN/AuthZ in Kubernetes
  5. Various vulnerabilities/misconfiguration in Kubernetes cluster
  6. Enumeration and gaining an initial foothold
  7. Post-exploitation and lateral movement to pwn an entire cluster.
  8. Introduction to various automated tools in assisting pen-testers
  9. Different ways to harden the Kubernetes cluster.

Final Thoughts

  1. The course is very well-paced, as it is Zero to Hero they do give you step by step instructions, and a lot of handholding support is provided by the team.
  2. Video quality and course content are up to the standards.
  3. All of it is Hands-on, so at the end of the course, you will feel you learned.
  4. The best part is, they have a dedicated Discord server, in case you run into any issues and they are very active.
  5. One has to note that, there are no exams or certifications.


For the price, the course is really good and I would definitely recommend this for anyone who would like to build, break, and learn their Kubernetes cluster.

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store