KCSA Study Guide

When searching for Kubernetes and Cloud Native Security Associate (KCSA) study materials, I couldn’t find any that were both free and high-quality. So, I’ve created this resource to guide you through the curriculum and provide free resources for your studies.

Creating TryHackMe GitOops

This post will go over the creation of the TryHackMe room GitOops.

Once the room has been released + some time I’ll update this

CloudGoat SNS Secrets

Warning Spoilers Ahead!

This is a write up the CloudGoat scenario sns_secrets and was created by the one and only Tyler Ramsbey.

Another walkthrough of the scenario can be found on TryHackMe which uses the Pacu SNS modules, mines uses the AWS CLI.

At time of writing this the scenario is still a GitHub Pull Request but its ready!

TryHackMe 'Frank and Herby try again.....'

This walk through of TryHackMe room “Frank and Herby try again…..” goes over how to escape from a container to take over the underlying node.

This room is a sequel of Frank & Herby make an app which is also Kubernetes themed.

2024 Northeast CCDC

This post goes over some of our methodology & rationale when we created this year’s (2024) Northeast Collegiate Cyber Defense League competition environment.

Topics that I’m planning to cover

I also have another post going through the CTF challenges we released

K8s LAN Party

Warning Spoilers!

This walkthrough goes over the 5 Kubernetes LAN Party challenges created by wiz.io.

https://k8slanparty.com/

2024 Northeast CCDC Challenges

Warning Spoilers!

Challenges

This writeup goes over the challenges created by the Black Team leading up to the 2024 Northeastern CCDC Competition.

There were a total of 4 challenges:

I also go into our thought process when making the challenges.

TryHackMe 'Frank & Herby make an app'

Learn how the misconfiguration of containers can lead to opportunities for some and disasters for others.

https://tryhackme.com/room/frankandherby

TryHackMe Insekube

Exploiting Kubernetes by leveraging a Grafana LFI vulnerability

https://tryhackme.com/room/insekube

TryHackMe Umbrella

Breach Umbrella Corp’s time-tracking server by exploiting misconfigurations around containerisation.

https://tryhackme.com/room/umbrella