Container Escapes 101
Welcome to Container Escapes 101 at the AppSec Village at DEF CON 33!! 🎯 Goal: to have a working knowledge of container escapes and how each security measure or risk maps to potential for exploit...
👻 It’s spooky season, so let’s do something a little scary … give AI a bit of power in one of my projects1. I have a chore that’s pure drudgery. It isn’t difficult or fun, just needs to be done m...
It’s been a minute since I’ve done much with custom GitHub Actions runners, but I’ve still been merging Dependabot PRs and otherwise keeping the lights on. While I wrote a few tests, there’s been ...
Working our way up the container stack, a runtime is what takes an image and runs it. It also manages its resources, like virtual networking or shared host file system access. A runtime also prov...
A third year of writing on the internet, penning 32 posts for a total of 110 posts. The best part of trying to set a course for the next year is seeing how far I am from both the starting point an...
Last time, we learned that containers are Linux processes with a few extra guardrails in what’s a container, anyways. These processes need a Linux-based system to run on. Let’s take a look at the...
So far, we’ve been SSH’d directly into our host node. This isn’t how we normally have access to escape so … how do these tactics still work? We’re going to use the same storage-based escapes as...
In this workshop, we’re going to mess with the host’s memory from inside a container. 😈 This workshop is the only one that requires an x86_64 architecture to run. Other architectures will lik...
In this workshop, we’re going to use a common configuration to avoid one bad security thing (explicitly privileged containers) by implementing another only-slightly-better feature - sharing the con...
In this workshop, we’re going to use the default container runtime group to escalate our privileges on the host. This is useful to escalate privileges by launching a privileged process even if we ...