Channel | Publish Date | Thumbnail & View Count | Download Video |
---|---|---|---|
Publish Date not found | 0 Views |
But a Docker escape is also valuable for defenders: hacking Docker containers to achieve an escape is a fun way to better understand a vulnerability and better protect yourself against these exploits!
In this hands-on video, we'll look at three real-life scenarios where you can actually break out of a Docker container:
– Breaking out of a Docker in Docker/Docker from a Docker container (DinD/DooD)
– Breaking out of a container by abusing the Release_Agent of Cgroups V1
– Breaking out of a container within a misconfigured pod in Kubernetes.
And then we'll briefly explain why the container breakout was possible and how you can defend yourself against it.
There is always a new exploit or a new #DockerEscape around the corner.
Stay up to date with our latest cloud security articles on our blog:
https://sysdig.com/blog/
—
Chapter:
0:00 Introduction
0:21 Key concepts
1:43 Practical Escape: DinD/DooD
6:07 Practical escape: cgroups v1 release_agent
11:12 Practical experience in escaping: Kubernetes pod
15:06 Why it worked: DinD/DooD
16:33 Why it worked: cgroups v1 release_agent
19:33 Why it worked: Kubernetes Pod
21:35 Conclusion
Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.