Overview
Explore Docker container security vulnerabilities and exploitation techniques in this 49-minute Black Hat conference talk. Delve into the concerns surrounding containerization security, with a focus on Docker and LXC-based solutions. Learn about Linux control groups (cgroups), kernel-level isolation, and potential data theft risks. Witness real-world Docker implementation exploits and discover mitigation strategies. Cover topics such as Docker basics, remote API events, Linux namespaces, user namespaces, Docker installation, networking, and escape techniques. Examine decompression as a high-ROI attack vector, discuss the presence of Bash in Docker containers, and consider modern analogies to Android malware. Gain insights into ELF malware concerns and the security implications of Docker Hub.
Syllabus
ABOUT ANTHONY BETTINI
CONTROL GROUPS (CGROUPS)
DOCKER VS. LXC
DOCKER BASICS
DOCKER REMOTE API EVENTS (ARCHITECTURE)
LINUX NAMESPACES
USER NAMESPACES
VULNERABILITIES & MALWARE
DOCKER INSTALLATION
DOCKER NETWORKING
DOCKER ESCAPE (FIXED)
DECOMPRESSION HIGHEST ROI ATTACK VECTOR
BASH IN A DOCKER CONTAINER?
MODERN ANALOGY
ANDROID MALWARE
IS ELF MALWARE REALLY A CONCERN?
DOCKER HUB
Taught by
Black Hat