Understand the functionality offered by Kubernetes

–

Understands the key differences between virtualisation and containerisation

–

Can identify and interrogate running containers on a host

–

Understands the concepts of layered filesystems and how to extract and analyse specific layers within an image

–

Can identify common vulnerabilities and weaknesses present in containers, including:
• Missing security patches
• Weak file permissions
• Insufficient or lack of resource quotas
• Presence of sensitive information in environment variables, running processes or filesystem

–

Understands and can analyse Dockerfile files to uncover weaknesses in static images, including:
• Use of unencrypted connections for performing downloads
• Use of overly generous permissions, e.g. running as the root user 30
• Inclusion of sensitive information, e.g. passwords or private keys
• Unnecessary exposure of ports

Can demonstrate how to take snapshots and techniques for recovering key sensitive information 

–

Understands the security implications of reverting a VM to a previous state 

–

Understands the sensitive nature of snapshot files and the need to restrict access

Understands and can demonstrate common techniques for escaping a virtualised environment, including:
• Directory traversal in shared folders
• Virtual device communication breakout
• Public CVEs relating to memory corruption

Can identify use of popular virtualisation technologies, including:
• VMware • Microsoft HyperV • Citrix • Oracle VirtualBox

–

Understands common vulnerabilities found in hypervisors, including:
• Exposure of management interface
• Use of default or insecure credentials
• Common high profile CVEs

–

Understands the inherent risks in shared virtualised environments, e.g. shared memory space