Description
We use a hands-on approach to instruction so that students learn container security within Docker and Kubernetes through an accelerated, practical curriculum. We teach containers from start to finish using our hands-on cyber-range, with a focus on cyber-security.
Learning Objectives
Participants of this course will learn:
- Docker and Kubernetes containers
- Limitations and risks for container workloads
- Testing and validating existing security defenses using containers
- Preventing container escapes in Windows systems
- Preventing container escapes in Linux systems
- Auditing Kubernetes deployments
- Using containers to analyze malware and network communications
- Using cyber-security tools within containers
Overall Proficiency Level: 2 – Intermediate
Course Catalog Number: K4CS
Course Prerequisites:
1. Familiarity with containers
2. Familiarity with Windows and Linux operating systems
3. Modern operating system with web-browser
4. Stable internet connectivity
5. Microsoft Teams account (free accounts available)
Training Purpose: Functional Development, Skill Development
Delivery Method: Online, Instructor-Led, Remote
Course Length: 2 Days
Languages: English or Spanish options for instruction. Please select the correct date and language for course instruction.
Benefits: 3 years of course material updates. 60-day access to Kleared4 after course completion.
Standard support during business hours, 0800-1700 (8am-5pm) EST/EDT.
Government PO accepted.
10% discounts available for groups of 10 participants or more.
16 hours of instruction with continuing education certificate upon complete attendance
Syllabus
Day 1 — Core Fundamentals and Threat Landscape
| Time | Module | Topics |
|---|---|---|
| 09:00 – 09:30 | Introduction & Course Objectives | Overview of container security goals, attack and defense scope, and course structure. |
| 09:30 – 10:30 | Module 1: Container Fundamentals | Container vs. VM isolation; namespaces (PID, NET, MNT, UTS, IPC, USER); cgroups; container lifecycle; orchestration basics. |
| 10:30 – 10:45 | Break | — |
| 10:45 – 12:00 | Module 2: Limitations & Risks | Shared kernel risks; breakout scenarios; over-privileged configurations; host file system exposure; kernel-level attack surfaces. |
| 12:00 – 13:00 | Lunch | — |
| 13:00 – 14:15 | Module 3: Security Defense Validation | Using containers for attack simulation; safe testing of isolation; validating audit and enforcement configurations; controlled offensive testing in purple team workflows. |
| 14:15 – 14:30 | Break | — |
| 14:30 – 15:45 | Module 4: Windows Container Escape Prevention | Process vs. Hyper-V isolation; kernel sharing risks; named pipe abuse; registry hardening; least-privilege execution; monitoring escape attempts. |
| 15:45 – 17:00 | Lab Preparation & Q&A | Environment setup for Day 2 labs; addressing configuration pitfalls before hands-on sessions. |
Day 2 — Hardening, Auditing, and Applied Security
| Time | Module | Topics |
|---|---|---|
| 09:00 – 10:15 | Module 5: Linux Container Escape Prevention | Dropping capabilities; seccomp syscall filtering; AppArmor/SELinux confinement; rootless containers; read-only and device restrictions. |
| 10:15 – 10:30 | Break | — |
| 10:30 – 11:45 | Module 6: Kubernetes Deployment Auditing | Cluster configuration review; RBAC least privilege; network segmentation; pod security controls; manifest anti-pattern detection. |
| 11:45 – 12:45 | Lunch | — |
| 12:45 – 14:00 | Module 7: Malware & Network Analysis in Containers | Isolated execution for malware detonation; restricting outbound channels; monitoring network activity; behavioral logging; safety considerations. |
| 14:00 – 14:15 | Break | — |
| 14:15 – 15:15 | Module 8: Running Security Tools in Containers | Encapsulating security utilities; environment consistency; operational containment; privilege implications; workflow integration. |
| 15:15 – 16:45 | Hands-On Lab Series | Eight labs covering attack simulation, hardening, escape mitigation, auditing, malware analysis, and tool deployment (see detailed lab section). |
| 16:45 – 17:00 | Course Wrap-Up & Final Review | Summary of key techniques; review of common pitfalls; final Q&A; next steps for continued learning. |
Lab Section (Conducted in Day 2 Afternoon)
- Container Basics & Isolation Inspection — Understand isolation boundaries.
- Privilege Escalation via Misconfiguration — Demonstrate unsafe configuration impacts.
- Defense Validation — Simulate attacks to confirm detection.
- Windows Escape Scenario — Explore and mitigate host exposure.
- Linux Hardening with Capabilities & SELinux — Apply and test kernel-level security features.
- Kubernetes Audit Exercise — Identify and remediate insecure configurations.
- Malware Analysis Sandbox — Observe network and system behavior of a sample.
- Containerized Tool Deployment — Run a security function within an isolated environment.