Explore the security implications of Windows process-isolated containers in this Black Hat conference talk. Delve into the foundations of cloud services, focusing on virtualization and container isolation. Examine how Windows isolates container processes and filesystems, and prevents containers from executing potentially harmful syscalls. Investigate the implementation of Ntoskrnl using server silos and job objects. Discover answers to critical questions about container isolation and potential attacker capabilities. Learn about past vulnerabilities, anti-system debugging techniques, UEFI, and NVM. Conclude with a demonstration and discussion of mitigation strategies for enhanced container security.
The COW - Container On Windows Who Escaped the Silo
Overview
Syllabus
Introduction
Containers
User flag
Past vulnerabilities
Trivia
AntiSystem Debug
UEFI
NVM
Demo
Mitigation
Taught by
Black Hat
Related Courses
-
Nabla Containers - A New Approach to Container Isolation
-
Windows Containers: Architecture, Security, and the Siloscape Vulnerability
-
Linux Container in Windows 10 or Windows 2016 Deep Dive
-
Deploying Applications to Windows Containers and Windows Server 2016
-
Deploying Docker Containers on Windows Server 2016
-
Deploying Applications as Containers on Windows Server 2016
