Explore Docker containerization and its impact on offensive security operations in this 39-minute Black Hat conference talk. Gain insights into the vulnerability lifecycle, attacker vs. defender perspectives, and implications for application security testing. Learn how containerization affects exploitation expectations and discover practical applications through a demonstration. Ideal for penetration testers seeking to understand the security implications of multi-container applications.
An Attacker Looks at Docker - Approaching Multi-Container Applications
Overview
Syllabus
Introduction
Purpose of this talk
Prior Art
What is Docker
Vulnerability Lifecycle
Attacker vs Defender
Application Development
Containerization
Hello World vs Docker
Redis
Application Security Tester
Control Over Execution
Containerization for Attackers
Application Security Testing
Exploitation Expectations
Implications
Demo
Conclusions
Contact information
Taught by
Black Hat
Related Courses
-
An Attacker Looks at Docker - Approaching Multi-Container Applications
-
Vulnerability Exploitation in Docker Container Environments
-
Windows Defender - Demystifying and Bypassing ASR by Understanding the AV's Signatures
-
Reflections on Trusting TrustZone
-
Well, That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
-
Finding the Needle in the Hardware Haystack - Identifying and Exploiting Vulnerabilities
