I found an excellent article by @opsxcq
about how an attacker can escape from a compromised docker container and get access to host resources.
At first glance, it may seem like this is not a common use case, and that no one actually shares the Docker socket with the containers, but that is not the case. Build servers and monitoring containers do use the docker socket quite often.
The article is in the form of a lab that you can run on your own, so if you never got to hack a system, this is a great and actionable walkthrough.
One thing though - Don’t forget to wear your hoodie while you are hacking away.
Go ahead and read the article bellow.