Hey there everyone, I am Gurkirat Singh (aka tbhaxor). I do full-stack development to fund my own learning and experiments. I am a cybersecurity enthusiast and like sharing my knowledge.
Prevent Privilege Escalation from Container Breakout via UserNS Remapping
Hello World! In my previous posts, I have discussed at length how a user with certain capabilities can escape the Docker container and execute commands as root on the host. The naive approach to fix this issue could be a combination of the following * Disable capabilities like
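As an added example that is not part of the original post: the daemon setting the remedy in that post relies on, plus a check you can run from inside a container to tell whether its root maps to an unprivileged host uid. The "default" remap user, the sample uid_map values and the daemon.json string are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): two checks around Docker's
# userns-remap. Assumption: the "default" remap user, which makes dockerd
# create the dockremap user and its subordinate uid/gid ranges.

# Reference daemon.json content that enables remapping on the host
# (/etc/docker/daemon.json, then restart dockerd). Shown here as a string,
# not written anywhere.
DAEMON_JSON_EXAMPLE='{
  "userns-remap": "default"
}'

# daemon_json_remaps <daemon.json contents>
# True when the config sets a non-empty "userns-remap" value.
daemon_json_remaps() {
    if printf '%s\n' "$1" | grep -Eq '"userns-remap"[[:space:]]*:[[:space:]]*"[^"]+"'; then
        return 0
    fi
    return 1
}

# userns_remapped <contents of /proc/self/uid_map>
# Inside a remapped container the map reads like "0 100000 65536": container
# uid 0 is host uid 100000. Without remapping it is the identity map
# "0 0 4294967295", so a breakout lands as real host root.
# Returns 0 when container root is NOT host root.
userns_remapped() {
    # Field 2 of the line that maps container uid 0 is the host uid it becomes.
    host_root=$(printf '%s\n' "$1" | awk '$1 == 0 { print $2; exit }')
    if [ -n "$host_root" ] && [ "$host_root" -ne 0 ]; then
        return 0
    fi
    return 1
}

# Run this inside a container to see which case you are in.
if [ -r /proc/self/uid_map ]; then
    if userns_remapped "$(cat /proc/self/uid_map)"; then
        echo "uid 0 here is an unprivileged host uid (userns-remap active)"
    else
        echo "uid 0 here is host root (no userns-remap)"
    fi
fi
```

Remapping does not remove the capabilities the earlier posts abuse; it only ensures that a process which does break out is an unprivileged uid on the host, so it should complement, not replace, dropping capabilities.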
Process Injection using CreateRemoteThread API
CreateRemoteThread is one of the oldest methods of process injection, and it is easily detectable. However, it establishes the foundations for process injection and code execution. This blog post will provide you with a thorough and practical explanation of how it works.
Hunting Secrets from Containers by Analysing Docker Images
Docker images are used to create containers and often contain secrets that can be extremely useful when exploiting applications. In this post, you will learn how to search for such information in Docker images or Dockerfiles in order to gain unauthorised access.
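An added example, not from the original post: a small grep-based hunt that runs over Dockerfile text or over the layer commands that `docker history` prints. The Dockerfile below and the pattern list are constructed for illustration (the AWS key is the documentation placeholder value), and the patterns are a starting point rather than a complete rule set.

```shell
#!/bin/sh
# Added example (not from the original post): grep for secret-looking
# material in Dockerfiles and image layer commands.

# Constructed sample Dockerfile with several classic leaks.
SAMPLE_DOCKERFILE='FROM python:3.11-slim
ENV DB_PASSWORD=Sup3rS3cret!
ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
COPY id_rsa /root/.ssh/id_rsa
RUN pip install -r requirements.txt
ARG GITHUB_TOKEN
RUN git clone https://oauth:${GITHUB_TOKEN}@github.com/example/private.git
CMD ["python", "app.py"]'

# Assumed heuristics, one ERE alternation (matched case-insensitively):
#  - AWS access key ids
#  - variables named like PASSWORD/SECRET/TOKEN/API_KEY being assigned
#  - PEM private key headers
#  - key files being copied into the image
#  - credentials embedded in URLs (user:pass@host)
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)[A-Z0-9_]*=|-----BEGIN [A-Z ]*PRIVATE KEY-----|id_rsa|id_ed25519|\.pem|\.p12|://[^/@[:space:]]+:[^/@[:space:]]+@'

# hunt_secrets: reads text on stdin, prints matching lines with line numbers.
# Exit status 1 means nothing matched.
hunt_secrets() {
    grep -Ein "$SECRET_PATTERNS"
}

# count_secret_hits: reads text on stdin, prints the number of matching lines.
count_secret_hits() {
    n=$(grep -Eic "$SECRET_PATTERNS") || true
    printf '%s\n' "${n:-0}"
}

# Against a real image (not run here):
#   docker history --no-trunc --format '{{.CreatedBy}}' myimage:latest | hunt_secrets
#   mkdir img && docker save myimage:latest | tar -x -C img   # then grep the layer tarballs
printf '%s\n' "$SAMPLE_DOCKERFILE" | hunt_secrets
```

Note that the `ARG GITHUB_TOKEN` line itself is not flagged; build arguments do not persist in the final image, but the `RUN` line that interpolates the token into a URL does end up in the layer history, which is exactly what the `://user:pass@` pattern catches.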
Hunting for Malicious Binaries and Backdoors in the Running Containers
An attacker might exploit one of the container's services and install malicious apps or a backdoor to regain access to your container later. In this post, you'll learn how to use the "docker diff" command to do forensics and incident response on a running Docker container.
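An added example, not from the original post: a triage filter for `docker diff` output that separates the noisy, expected writes (logs, pid files) from changes in places a backdoor would touch. The sample diff and the list of "suspicious" path prefixes are constructed assumptions, not an exhaustive rule set.

```shell
#!/bin/sh
# Added example (not from the original post): triage "docker diff" output.
# docker diff prints one entry per line: A (added), C (changed), D (deleted),
# followed by the path, relative to the container's root filesystem.

# Constructed sample, mixing normal runtime writes with a planted backdoor.
SAMPLE_DIFF='C /etc
A /etc/cron.d/update
A /etc/ld.so.preload
C /usr/bin
A /usr/bin/kworkerd
C /root
A /root/.ssh
A /root/.ssh/authorized_keys
C /tmp
A /tmp/.x
A /tmp/.x/run.sh
C /var/log/nginx
A /var/log/nginx/access.log
D /var/log/nginx/error.log
C /run
A /run/nginx.pid'

# triage_diff: reads docker diff output on stdin, prints the entries worth a
# closer look. The prefixes are an assumed heuristic: new or changed files
# under binary directories, persistence hooks in /etc, root's SSH keys, and
# world-writable scratch dirs; plus deleted logs (anti-forensics).
triage_diff() {
    awk '
    ($1 == "A" || $1 == "C") && ($2 ~ "^/(usr/)?s?bin/" ||
                                 $2 ~ "^/(usr/)?lib/systemd/system/" ||
                                 $2 ~ "^/etc/(cron|ld\\.so\\.preload|passwd|shadow|sudoers|profile\\.d|rc\\.local)" ||
                                 $2 ~ "^/root/\\.ssh/" ||
                                 $2 ~ "^/(tmp|var/tmp|dev/shm)/") { print $1, $2; next }
    $1 == "D" && $2 ~ "^/var/log/" { print $1, $2; next }
    '
}

# count_flagged: number of entries triage_diff would print.
count_flagged() {
    triage_diff | wc -l | tr -d ' '
}

# Live usage (not run here): docker diff <container> | triage_diff
# Capture evidence before stopping the container; the writable layer is gone
# once it is removed (docker export <container> > evidence.tar keeps it).
printf '%s\n' "$SAMPLE_DIFF" | triage_diff
```

Each flagged entry can then be pulled out with `docker cp <container>:<path> .` for hashing and analysis without modifying the container further.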
Getting your Hands Dirty with Multi Container Architecture Setup
In real projects, many containers are employed to segregate the logic for ease of development and scaling. It also helps to reduce the impact on other components if one is compromised. In less than 10 minutes, you'll learn how to build such a setup using docker-compose.