MISC 113 - Attack on Docker Environment: Compromise and Evasion
This article was published in the French magazine MISC n°113, in the Pentest Corner section, and covers attacks in a Docker context: how a host or a container can be compromised, and how a misconfiguration in a container can be abused to break out of it.
Some of the points raised in the article will also be posted on this blog.
Abstract:
In recent years, we have seen a steady growth of containerized environments, and in particular of the use of Docker. Users cite many arguments: scalability, flexibility, adaptability, resource management…
As security consultants, we are therefore increasingly faced with this tool. Through this article, we want to share our experience and demystify a claim we hear all too often in DevOps: Docker is secure by default.
Summary
- Docker asset compromise
- Host compromise
- Container compromise
- Container Breakout
- Reconnaissance
- Kernel exploitation
- Abusing privileged mode
- Abusing capabilities
- Defense and countermeasures
Links
Online article: https://connect.ed-diamond.com/MISC/MISC-113/Attaques-en-environnement-Docker-compromission-et-evasion