Skip to content
>_
SecOps
Log
_
Home
Courses
Learning path
Resources
Topics
Blog
All courses
Kubernetes attack & defense
Advanced
5 sections · 15 lessons · ~9h total · 60-question self-test
Start course
01
Threat model & ATT&CK
3 lessons
Test yourself
01
The cluster attack surface
Exposed API/kubelet/etcd, IMDS, and blast radius.
30 min
02
ATT&CK for Kubernetes
The adversary playbook and coverage mapping.
30 min
03
Threat-modeling a cluster
Trace pivots, control each hop, rank by blast radius.
30 min
02
RBAC & privilege escalation
3 lessons
Test yourself
01
RBAC & the powerful grants
secrets, pods create, exec — escalation in disguise.
35 min
02
Service-account tokens
Bound tokens, automount off, minimal reach.
30 min
03
Privilege escalation paths
escalate, bind, impersonate, and the pod path.
35 min
03
Admission control internals
3 lessons
Test yourself
01
Admission control internals
The pipeline, webhook order, and enforcement.
35 min
02
PSA, Kyverno & Gatekeeper
The pod-hardening floor plus custom policy.
30 min
03
Webhook security & bypasses
failurePolicy, exclusions, and the webhook as target.
30 min
04
Control plane & operators
3 lessons
Test yourself
01
Control plane & etcd
Encrypt secrets at rest, lock the API server, guard the CA.
35 min
02
Node & kubelet security
Pod→node blast radius, isolation, metadata blocking.
30 min
03
Operator & controller security
Privileged automation as a supply-chain dependency.
35 min
05
Attack, detect & respond
3 lessons
Test yourself
01
Lateral movement
The pivot chain and default-deny east-west.
30 min
02
Detecting cluster attacks
Audit log, runtime rules, honeytokens.
35 min
03
Kubernetes incident response
Cut identity, preserve, hunt persistence, trust.
35 min
Final exam
Test yourself on everything
60 questions drawn from all 5 sections — every answer explained as you pick.
Start final exam