Docker is one of the most popular services to run containerized applications and it utilizes containerd and runc at a low level. This became popular because of its ease of use and intuitive experience. There are some misconfigurations that are left in the setup that can easily be exploited and few of them even let you break out of the containerized environment.

In this series, I will be explaining to you the basic concepts of the docker internals and how you can exploit certain misconfigurations to gain root user access or breakout of the containerization via both remote and local exploits. Also later in this course, you will learn how to secure your existing docker environment by following best practices from the experts.

Prerequisite Knowledge

• Linux Privilege Escalation Series
• Basic Knowledge of the Docker (Optional)
• DevOps System Hacking – LiveOverflow (Optional)
• Docker for Beginners – TechWorld with Nana (Optional)

Requirements

• Account of Pentester Academy to Practice Labs (Optional)
• A Modern Browser (Chrome is Recommended)

Topics

Getting Started with the Docker Ecosystem

• Understanding the Container Architecture
• Getting your Hands Dirty with Multi Container Architecture Setup
• How does Docker run Containers Under the Hood
• Docker Resource Management in Detail
• Why Pivot Root is Used for Containers
• Creating your Own Base Image from Scratch

Understanding the Misconfigurations in the Setup and Exploiting them

• Exploiting Micro Services Running in Docker
• Analyzing Docker Image for Retrieving Secrets
• Exploiting Insecure Docker Registry
• Hunting Secrets from Containers by Analysing Docker Images
• Interacting with Protected Docker Registry
• Corrupting the Source Docker Image
• Container Environment Breakout (Part 1 and Part 2)
• Attacking Docker Daemon Service (Part 1 and Part 2)
• Breakout from the Seccomp Unconfined Container
• Exploiting Security Checks on Bind Mount
• Bypass the Docker Firewall Plugin by Abusing the REST API

Securing your Docker Environment

• Securing your Docker Environment with AppArmor
• Hunting for Malicious Binaries in the Running Containers
• Identify and Fix Misconfigurations in Dockerfile via Linters
• Identify known Vulnerabilities in Docker Image using Clair
• Basics of Seccomp for Docker Containers
• Secure the Docker Registry with Password and TLS Certificates
• Implement TLS Certificates with Docker Engine API
• Identify the issues in Docker setup using Dockscan
• Prevent Privilege Escalation from Container Breakout via UserNS Remapping
• Observe Malicious Actions being Detected using Falco