Abusing insecure docker deployments

published on
Is possible to abuse and escape from containers in several scenarios, in this post I will explore the most basic one: abusing the docker socket to escape the container and run code as root in the host machine. Table of Contents Lab setup Attack Information gathering Getting access Escalating privileges Lab setup Since we will be using containers, you have to install docker to be able to run this lab. Read More...

Running Cron tasks on docker - The correct way

published on
While is perfectly possible to use cron inside a container, I strongly advise you to don’t do it. Some of the most important points on why is a bad practice to run cron inside a container: Your tasks need to be ephemeral as your containers We live in the immutable infrastructure era, there is no need to worry about cleaning up everything before or after your tasks run. Make your scheduled tasks ephemeral as your containers, if something goes wrong, you can inspect the precise state that the container was left. Read More...