├── .gitignore ├── LICENSE ├── README.md ├── ch00_setup ├── README.md ├── aws │ ├── .tool-versions │ ├── ec2.tf │ ├── environments │ │ └── prd │ │ │ ├── main.tf │ │ │ └── userdata.bash │ ├── iam.tf │ ├── locals.tf │ ├── provider.tf │ ├── terraform.tf │ ├── variables.tf │ └── vpc.tf └── k8s │ ├── helm │ ├── README.md │ ├── helmfile.yaml │ └── values │ │ ├── cilium.values.yaml │ │ ├── ingress-nginx.values.yaml │ │ ├── kubeclarity.values.yaml │ │ ├── tetragon.values.yaml │ │ ├── unguard-mariadb.values.yaml │ │ └── unguard.values.yaml │ ├── kind │ ├── audit-policy.yaml │ └── kind-config.yaml │ └── manifests │ └── hubble-ingress.yaml ├── ch01_k8s_intro ├── README.md ├── manifests │ ├── nginx-deployment.yaml │ ├── nginx-ingress.yaml │ ├── nginx-pod.yaml │ ├── nginx-service-nodeport.yaml │ └── nginx-service.yaml └── training.md ├── ch02_environment ├── README.md ├── images │ ├── hubble-servicemap.png │ ├── hubble-top.png │ ├── unguard-nologin.png │ └── unguard-ui.png └── training.md ├── ch03_attacking_k8s ├── README.md ├── attack_scenario.md ├── images │ ├── container-matrix.png │ ├── k8s-diagram-01.png │ ├── k8s-diagram-02.png │ ├── k8s-diagram-03.png │ ├── k8s-diagram-04.png │ ├── k8s-diagram-05.png │ ├── k8s-diagram-06.png │ ├── k8s-matrix.png │ └── unguard-attack.png ├── manifests │ └── manifests.yaml └── training.md └── ch04_hardening_k8s ├── README.md ├── images ├── 4c-sdlc.png ├── kubeclarity-application.png ├── kubeclarity-dashboard.png ├── kubeclarity-scan.png ├── unguard-image-error.png └── unguard-image.png ├── manifests ├── file-access-restrictions.yaml ├── nginx-seccomp.yaml ├── nginx-securit-context-error.yaml ├── nginx-securit-context.yaml └── only-clusterip-access.yaml ├── training.md └── trivy ├── trivy-result-cis.txt ├── trivy-result-misconfig.txt ├── trivy-result-nsa.txt └── trivy-result-pss.txt /.gitignore: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/README.md -------------------------------------------------------------------------------- /ch00_setup/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/README.md -------------------------------------------------------------------------------- /ch00_setup/aws/.tool-versions: -------------------------------------------------------------------------------- 1 | terraform 1.4.4 2 | -------------------------------------------------------------------------------- /ch00_setup/aws/ec2.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/ec2.tf -------------------------------------------------------------------------------- /ch00_setup/aws/environments/prd/main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/environments/prd/main.tf -------------------------------------------------------------------------------- /ch00_setup/aws/environments/prd/userdata.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/environments/prd/userdata.bash 
-------------------------------------------------------------------------------- /ch00_setup/aws/iam.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/iam.tf -------------------------------------------------------------------------------- /ch00_setup/aws/locals.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/locals.tf -------------------------------------------------------------------------------- /ch00_setup/aws/provider.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/provider.tf -------------------------------------------------------------------------------- /ch00_setup/aws/terraform.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/terraform.tf -------------------------------------------------------------------------------- /ch00_setup/aws/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/variables.tf -------------------------------------------------------------------------------- /ch00_setup/aws/vpc.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/aws/vpc.tf -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/README.md 
-------------------------------------------------------------------------------- /ch00_setup/k8s/helm/helmfile.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/helmfile.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/cilium.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/cilium.values.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/ingress-nginx.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/ingress-nginx.values.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/kubeclarity.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/kubeclarity.values.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/tetragon.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/tetragon.values.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/unguard-mariadb.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/unguard-mariadb.values.yaml 
-------------------------------------------------------------------------------- /ch00_setup/k8s/helm/values/unguard.values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/helm/values/unguard.values.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/kind/audit-policy.yaml: --------------------------------------------------------------------------------
# Kubernetes API-server audit policy (audit.k8s.io/v1) consisting of a single rule.
# NOTE(review): the policy only takes effect if the API server is started with
# --audit-policy-file pointing at this file; kind-config.yaml is not shown on this
# page, so confirm the wiring (and the audit log destination) there.
1 | apiVersion: audit.k8s.io/v1
2 | kind: Policy
3 | rules:
# The rule has no users/verbs/resources/namespaces selectors, so it matches every
# request. "Metadata" records who did what to which resource and when, but never
# the request or response body. That keeps Secret and ConfigMap contents out of
# the audit log, but the log cannot show what an object was changed to.
# If body-level detail is needed for selected resources, add narrower rules at
# Request or RequestResponse level ABOVE this one (the first matching rule wins),
# and keep Secrets at Metadata. No omitStages is set, so every stage of a request
# is logged, which increases log volume.
4 | - level: Metadata
5 |
-------------------------------------------------------------------------------- /ch00_setup/k8s/kind/kind-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/kind/kind-config.yaml -------------------------------------------------------------------------------- /ch00_setup/k8s/manifests/hubble-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch00_setup/k8s/manifests/hubble-ingress.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/README.md -------------------------------------------------------------------------------- /ch01_k8s_intro/manifests/nginx-deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/manifests/nginx-deployment.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/manifests/nginx-ingress.yaml: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/manifests/nginx-ingress.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/manifests/nginx-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/manifests/nginx-pod.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/manifests/nginx-service-nodeport.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/manifests/nginx-service-nodeport.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/manifests/nginx-service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/manifests/nginx-service.yaml -------------------------------------------------------------------------------- /ch01_k8s_intro/training.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch01_k8s_intro/training.md -------------------------------------------------------------------------------- /ch02_environment/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/README.md -------------------------------------------------------------------------------- /ch02_environment/images/hubble-servicemap.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/images/hubble-servicemap.png -------------------------------------------------------------------------------- /ch02_environment/images/hubble-top.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/images/hubble-top.png -------------------------------------------------------------------------------- /ch02_environment/images/unguard-nologin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/images/unguard-nologin.png -------------------------------------------------------------------------------- /ch02_environment/images/unguard-ui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/images/unguard-ui.png -------------------------------------------------------------------------------- /ch02_environment/training.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch02_environment/training.md -------------------------------------------------------------------------------- /ch03_attacking_k8s/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/README.md -------------------------------------------------------------------------------- /ch03_attacking_k8s/attack_scenario.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/attack_scenario.md -------------------------------------------------------------------------------- 
/ch03_attacking_k8s/images/container-matrix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/container-matrix.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-01.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-02.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-03.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-04.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-04.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-05.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-diagram-06.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-diagram-06.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/k8s-matrix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/k8s-matrix.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/images/unguard-attack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/images/unguard-attack.png -------------------------------------------------------------------------------- /ch03_attacking_k8s/manifests/manifests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/manifests/manifests.yaml -------------------------------------------------------------------------------- /ch03_attacking_k8s/training.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch03_attacking_k8s/training.md -------------------------------------------------------------------------------- /ch04_hardening_k8s/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/README.md -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/4c-sdlc.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/4c-sdlc.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/kubeclarity-application.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/kubeclarity-application.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/kubeclarity-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/kubeclarity-dashboard.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/kubeclarity-scan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/kubeclarity-scan.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/unguard-image-error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/unguard-image-error.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/images/unguard-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/images/unguard-image.png -------------------------------------------------------------------------------- /ch04_hardening_k8s/manifests/file-access-restrictions.yaml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/manifests/file-access-restrictions.yaml -------------------------------------------------------------------------------- /ch04_hardening_k8s/manifests/nginx-seccomp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/manifests/nginx-seccomp.yaml -------------------------------------------------------------------------------- /ch04_hardening_k8s/manifests/nginx-securit-context-error.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/manifests/nginx-securit-context-error.yaml -------------------------------------------------------------------------------- /ch04_hardening_k8s/manifests/nginx-securit-context.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/manifests/nginx-securit-context.yaml -------------------------------------------------------------------------------- /ch04_hardening_k8s/manifests/only-clusterip-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/manifests/only-clusterip-access.yaml -------------------------------------------------------------------------------- /ch04_hardening_k8s/training.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/training.md -------------------------------------------------------------------------------- /ch04_hardening_k8s/trivy/trivy-result-cis.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/trivy/trivy-result-cis.txt -------------------------------------------------------------------------------- /ch04_hardening_k8s/trivy/trivy-result-misconfig.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/trivy/trivy-result-misconfig.txt -------------------------------------------------------------------------------- /ch04_hardening_k8s/trivy/trivy-result-nsa.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/trivy/trivy-result-nsa.txt -------------------------------------------------------------------------------- /ch04_hardening_k8s/trivy/trivy-result-pss.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kyohmizu/seccamp2024-B6/HEAD/ch04_hardening_k8s/trivy/trivy-result-pss.txt --------------------------------------------------------------------------------