Overview
Explore containerization and its impact on offensive operations in this 39-minute Black Hat conference talk aimed at experienced penetration testers. Gain insights into Docker, vulnerability lifecycles, and application security testing while learning how containerization affects exploitation and post-exploitation techniques. Discover practical implications through a demonstration and understand how to approach multi-container applications from an attacker's perspective.
Syllabus
Introduction
Penetration Testing
Purpose
Prior Art
What is Docker
Vulnerability lifecycle
How do you keep up
Development abstraction
Containerization
Hello World vs Docker
How Docker works
Control over execution
Containerization for attackers
Application security testing
Exploitation
Target Attack
Implications
Demo
Conclusions
Contact information
Taught by
Black Hat