Welcome to Container Escapes 101 at the AppSec Village at DEF CON 33!! 🎯 Goal: to have a working knowledge of container escapes and how each security measure or risk maps to potential for exploit...

A third year of writing on the internet, penning 32 posts for a total of 110 posts. The best part of trying to set a course for the next year is seeing how far I am from both the starting point an...

Last time, we learned that containers are Linux processes with a few extra guardrails in what’s a container, anyways. These processes need a Linux-based system to run on. Let’s take a look at the...

So far, we’ve been SSH’d directly into our host node. This isn’t how we normally have access to escape so … how does these tactics still work? We’re going to use the same storage-based escapes as...

In this workshop, we’re going to mess with the host’s memory from inside a container. 😈 This workshop is the only one that requires an x86_64 architecture to run. Other architectures will lik...

In this workshop, we’re going to use a common configuration to avoid one bad security thing (explicitly privileged containers) by implementing another only-slightly-better feature - sharing the con...

In this workshop, we’re going to use the default container runtime group to escalate our privileges on the host. This is useful to escalate privileges by launching a privileged process even if we ...

In this workshop, we’re going to start exploring escapes using chroot. This is a great way to cross the boundary between a container’s filesystem and the host’s filesystem. This one starts with ...

In this workshop, we’re going to write to the host’s filesystem from inside of a container using a shared mountpoint. This is a good tactic to gain persistence, but also to escalate privileges or ...

Seccomp 101 The lowest level of our container stack is the operating system on the host. These resources are accessed by any process in the operating system (a container or not) by system calls (...