Time: 10:30 AM - 12:30 PM
Important Note: Workshop registration is on a first-come, first-served basis and starts at badge collection time (8:00 AM).
This workshop introduces students to the security concepts associated with Docker. Docker is popular software, widely used in the information technology industry. Its popularity also brings a larger attack surface, so it is important to understand its security aspects in order to protect Docker containers. This workshop is designed for students with any level of experience. If you have never used Docker, that's fine: we have you covered with the required basics. If you have used Docker for containerizing your applications, we cover some advanced topics such as escaping from containers to the host using misconfigured containers, installing kernel modules from containers, etc. Regardless of your experience with Docker, we have got you covered here.
Section 1: Fundamentals of Docker
• Lab setup
• Introduction to Docker
• Virtual Machines vs Containers
• Building your first docker image
• Running your first docker container
• Images vs Containers
• Cleaning up Docker images and containers
• Cgroups, namespaces and capabilities
Section 2: Docker Security
• Docker Attack surface
• Vulnerable images
• Backdooring existing images
• Privilege escalation using volume mounts
• Container escape using docker.sock
• Container escape using dangerous capabilities
• Abusing the --privileged flag
• Abusing Docker remote API
• Accessing Secrets
• Automated tools for vulnerability assessments
• Defending using AppArmor and seccomp profiles
Pre-requisites for the attendees:
• Students must bring a laptop with VirtualBox installed.
• Install an Ubuntu 18.04 Desktop Virtual Machine and launch a terminal after logging in. Next, run the command sudo apt update.
• Install Docker using the command sudo apt install docker.io.
• In most sections of the workshop, we want to run docker commands without “sudo”. To be able to do so, run the command sudo groupadd -f docker && sudo usermod -aG docker $USER.
• To complete the docker installation, run the command sudo systemctl start docker && sudo systemctl enable docker.
• If you run any docker command at this moment, it will not work and you will see a permission denied error. A restart is required for the changes to take effect.
• Restart the Virtual Machine and run the command docker images. It should work without any errors.
• Now, let us verify if we can pull a docker image by running the command docker pull alpine.
• Next, start a container using the alpine image we just downloaded. This can be done using the command docker run -itd alpine.
• To interact with the container, run the command docker ps -aq to get the container ID. Then run the command docker exec -it [ContainerID] sh.
A detailed setup document with screenshots can also be found here: Lab Setup Document
Srinivas, who works for a bank as a Red Team member, is an Offensive Security Certified Professional (OSCP) and is passionate about Information Security. He authored a book titled “Hacking Android”. He worked as a Penetration Tester in the past and has hands-on experience in DevSecOps, Container Security, Web Application Security, Infrastructure Security, Mobile Application Security, IoT Security and Embedded Software Exploit Development (ARM & MIPS). He is one of the authors of FuzzAPI, a REST API vulnerability scanner. He is a speaker at Defcon 26 IoT Village and he delivered several talks and hands-on workshops at regional infosec events in India and Singapore.
Abhijeth Dugginapeddi is an AppSec dude working as lead Security @Bigcommerce, Mentor @wesecureapp and an Adjunct lecturer at UNSW in Australia. Previously worked with Adobe Systems, TCS and Sourcenxt. Security Enthusiast in the fields of Penetration Testing, Application/Mobile/Infrastructure Security. Believes in the need for more security awareness and free responsible disclosures. Got lucky in finding a few vulnerabilities with Google, Yahoo, Facebook, Microsoft, eBay, Dropbox, etc. and is one among the Top 5 researchers in Synack, a bug bounty platform. Got a chance to speak at Defcon, Blackhat, OWASP AppSec USA, c0c0n, Secure-2018 Poland, CISO Summit, etc.