Abstract
OWASP EKS Goat is a deliberately vulnerable AWS EKS environment designed to help security engineers, cloud practitioners, and red/blue teams learn real-world attack and defense techniques in Kubernetes. The project covers IAM and RBAC misconfigurations, container escapes, supply-chain attacks, and cloud-native detection and prevention strategies through hands-on labs.
Attack scenarios include exploiting Jenkins CVE-2024-23897 to leak IAM credentials via IMDSv2, backdooring ECR images, deploying compromised images into EKS clusters, privilege escalation and pod-to-node breakout, and abusing IAM roles to exfiltrate S3 data.
Defense scenarios cover auditing with Kubescape and kube-bench, implementing Pod Security Context and Kyverno policies, runtime detection via eBPF-based Tetragon, ECR repository hardening, and AWS GuardDuty monitoring.
Presented at Black Hat Europe 2025 Arsenal, December 8-11, London. The project is an official OWASP project maintained by Divyanshu Shukla and Anjali Singh Shukla.