View profile

Having fun by abusing Docker - DevSecOps Thursday #8

I found an excellent article by @opsxcq about how an attacker can escape from a compromised docker c
Having fun by abusing Docker - DevSecOps Thursday #8
By Yuval Oren • Issue #8 • View online
I found an excellent article by @opsxcq about how an attacker can escape from a compromised docker container and get access to host resources.
At first glance, it may seem like this is not a common use case, and that no one actually shares the Docker socket with the containers, but that is not the case. Build servers and monitoring containers do use the docker socket quite often.
The article is in the form of a lab that you can run on your own, so if you never got to hack a system, this is a great and actionable walkthrough.
One thing though - Don’t forget to wear your hoodie while you are hacking away.
Go ahead and read the article bellow.

Did you enjoy this issue?
Yuval Oren

SecOps Thursday

If you don't want these updates anymore, please unsubscribe here
If you were forwarded this newsletter and you like it, you can subscribe here
Powered by Revue