Harnessing the Power of Docker and Kubernetes to Supercharge Your Hacking Tactics

Instructors - Anshuman Bhartiya & Anthony Bislew

Pre-Requisites - Attendees should be:

Comfortable using a MacOS/Linux shell terminal
Comfortable enough with a common scripting language (preferably Python/Ruby) to write simple tools/scripts
Familiar with command-line tools common to security professionals (e.g. curl, Nmap, etc.)
Familiar with Docker (e.g. its purpose, the concepts of containers and images, etc.)
https://www.docker.com/
Familiar with Google Cloud Platform offerings (e.g Compute Engine, Container Engine, Storage, BigQuery, etc.)
https://cloud.google.com/

A basic knowledge of Kubernetes is extremely helpful but not required. https://kubernetes.io/

Abstract - Running reconnaissance on a target network is almost always time-consuming and cumbersome. For experienced hackers, the process of manually enumerating and scanning target networks comes to feel like a gratuitous journey through Mordor on our way to the glory of shells, pivoting, and pilfering. Even worse, most of the automated reconnaissance solutions out there are expensive, limited in their effectiveness, opaque in their functionality...or all of the above.

What if you could automate your own customized approach to reconnaissance and exploitation by leveraging an entirely free and open-source framework to

1. Integrate the tools you trust and

2. Build tools of your own to capture those tricks that are unique to the special snowflake that is you?

In this workshop, we'll introduce you to the power of Docker and Kubernetes to supercharge your hacking tactics. We'll walk you through the process of building your tools as Docker images, scheduling and launching those tools in a Kubernetes cluster, and storing your results in a way that's easy to analyze and act upon. We'll spawn and destroy some attack environments and show how easy it is to do your testing without stressing out on how to get started. We'll even use some of the recon results to automate running exploitation tools against them and getting to the keys of the kingdom! By the end of this workshop you should have all the tools you need to build and extend your own recon and exploitation framework, that is supercharged and hyper scalable, thanks to Kubernetes.

Required Materials -

• Laptop with a Linux-based OS (preferably Mac/Ubuntu)

• A Google Cloud Platform (GCP) account - You can use the GCP Free Tier to get one. They give $300 worth of free credits which is more than enough. https://cloud.google.com/free/

• We will walk through installation of any other tools/software necessary such as Docker, Minikube, Google SDK, Golang, Python, etc. so you don’t have to have these pre-installed but it would help if you do.

Harnessing the Power of Docker and Kubernetes to Supercharge Your Hacking Tactics - Octavius 7