Null offensive hacking hands-on training.
Proposed sessions for this event:
- Attacking Docker Containers by Satheesh Kumar Varatharajan
Workshop Objective:
To introduce Docker to security professionals and help them understand how it works,
How we as security professionals can use Docker during our engagements and save time.
How we could attack Docker
Table of Contents:
• Introduction to Docker
• How Docker works
• Running Basic docker commands
◦ docker pull
◦ docker images
◦ docker run
◦ docker exec
• How to write a Dockerfile
• Docker compose
• Scanning docker images for security vulnerabilties using tools
• Attacking Docker
◦ Enumerating Docker containers
◦ Using code execution to gain access to host machine
▪ Using docker.sock file mounted on host machine
▪ Adding user to host machine leveraging volume mount misconfiguration
◦ Case study of CVE-2019-5736
• Hardening Docker
Pre-requisites:
1. Comfortable using basic linux commands
2. Comfortable using bind and reverse shell
Software Pre-requisites:
Attendees must ensure that they have following,
1. Working AWS account to create EC2 instance under free tier
2. If using a Windows machine have SSH client installed and ensure that you could connect to the AWS EC2 instance.
3. Laptop with working internet connection as the venue might not provide internet connetion.
Additional Information:
Please ensure that you have a working AWS account and internet connection.
If you have any problems with your AWS account please get in touch with the AWS support team and have your account activated.
Date | Saturday May 11 2019 |
---|---|
Chapter | Bangalore |
Registrations | 48 |
Max Registrations | 50 |
Event Type | Invite Only |
Start Time | 09:30 AM |
End Time | 03:30 PM |
Session Schedule
Name | Speaker | Start Time | End Time | Resources |
---|---|---|---|---|
Attacking Docker Containers | Satheesh Kumar Varatharajan | 09:30 AM | 03:30 PM |
Venue
This is an invite only event. If you are selected you will receive further information via e-mail.