Overview
Dive into a 30-minute video tutorial exploring Docker hacking fundamentals. Learn about container concepts, Docker images, and various namespaces including Mount, Process, Network, and UTS. Explore user remapping, cgroups for PID and memory management, and capabilities like CAP_SYS_ADMIN. Discover security measures such as Seccomp, AppArmor, and authorization plugins. Examine software vulnerabilities, including the runc CVE-2019-5736, and understand the risks associated with privileged containers, volumes, bind mounts, and network services. Gain insights through case studies and access additional resources for further learning in Docker security.
Syllabus
Intro
What is a "Container"?
Docker images
Docker example
Chroot
Namespaces - Mount Namespace
Namespaces - Process Namespace
Namespaces - Network Namespace
Namespaces - UTS Namespace
Namespaces - User remapping
Namespaces - 'nsenter
Cgroups - PIDS
Cgroups - Memory
Capabilities - CAP_SYS_ADMIN
Seccomp/ Apparmor
Authorization Plugins
Summary
Software Vulnerabilities
Runc CVE-2019-5736
Dockerd / Containerd API Access
Privileged containers
Volumes, Bind Mounts and External Processes
Network Services
Case Studies
Further Reading
Taught by
HackerOne