It’s been a minute since I’ve done much with custom GitHub Actions runners, but I’ve still been merging Dependabot PRs and otherwise keeping the lights on. While I wrote a few tests, there’s been ...

Working our way up the container stack, a runtime is what takes an image and runs it. It also manages its resources, like virtual networking or shared host file system access. A runtime also prov...

A third year of writing on the internet, penning 32 posts for a total of 110 posts. The best part of trying to set a course for the next year is seeing how far I am from both the starting point an...

Last time, we learned that containers are Linux processes with a few extra guardrails in what’s a container, anyways. These processes need a Linux-based system to run on. Let’s take a look at the...

So far, we’ve been SSH’d directly into our host node. This isn’t how we normally have access to escape so … how does these tactics still work? We’re going to use the same storage-based escapes as...

In this workshop, we’re going to mess with the host’s memory from inside a container. 😈 This workshop is the only one that requires an x86_64 architecture to run. Other architectures will lik...

In this workshop, we’re going to use a common configuration to avoid one bad security thing (explicitly privileged containers) by implementing another only-slightly-better feature - sharing the con...

In this workshop, we’re going to use the default container runtime group to escalate our privileges on the host. This is useful to escalate privileges by launching a privileged process even if we ...

In this workshop, we’re going to start exploring escapes using chroot. This is a great way to cross the boundary between a container’s filesystem and the host’s filesystem. This one starts with ...

In this workshop, we’re going to write to the host’s filesystem from inside of a container using a shared mountpoint. This is a good tactic to gain persistence, but also to escalate privileges or ...