H4ck1ng Kubern3tes

Threat-driven Analysis & Defense


Free Download

ControlPlane is sponsoring the first four chapters of the book, download them for free.

Hacking Kubernetes

Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so. Kubernetes’ complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors. In this book, Andrew Martin and Michael Hausenblas review Kubernetes defaults and threat models and show how to protect against attacks.

The book is published and available via O’Reilly or Amazon.

About the authors

Based on our combined 10+ years of hands-on experience designing, running, attacking, and defending Kubernetes-based workloads and clusters, we want to equip you, the cloud native security practitioner, with what you need to be successful in your job.

We have both served in different companies and roles, given training sessions, published material from tooling to blog posts, and shared lessons learned on the topic in various public speaking engagements. Much of what motivates us here and the examples we use are rooted in experiences we had in our day-to-day jobs and/or saw at customers.

Notable CVEs

Unless noted, these CVEs are patched, and are here to serve only as a historical reference. See also @rasene’s HackMD.