Docker security fundamentals for Penetration Testers
Common container misconfigurations
Container security concepts that can be applied in DevSecOps pipelines
This course falls into the categories - Cyber Security, Ethical Hacking, Information Security
This course starts from very basics and thus no Docker experience is required
[Please note that the course is being heavily updated with more videos]
This is the latest version of our previous course Hacking and Securing Docker Containers. This course contains several updates to the previous version.
1. Detailed explanation of how docker images are locally stored
2. How to abuse CAP_SYS_MODULE and write a kernel module to get escape the container and get a reverseshell.
3. Scanning Docker Images using Trivy
4. Docker Content Trust
5. 1080p quality videos (compared to 720p in previous version)
This course introduces students to the security concepts associated with Docker. Docker is a popular software and it is widely used in Information Technology Industry. It's popularity also brings a larger attack surface and thus it is important to understand it's security aspects to be able to protect Docker containers. This course is designed for students with any experience. If you never used Docker, its fine we have covered the basics. If you have used Docker for containerizing your applications, we have covered some advanced topics such as escaping from containers to host using misconfigured containers. Regardless of your experience with Docker, we have got you covered here.
Who this course is for:
IT Professionals using Docker containers
IT Professionals planning to use Docker containers
IT Professionals using any orchestration tool such as Docker Swarm, Kubernetes
Anyone who is interested in understanding Docker Security
6 sections • 34 lectures • 2h 7m total length
What is Docker?
Virtual Machines vs Containers
Virtual Machine Download
Building your first Docker Image
Images vs Containers
How Docker Images are stored locally
Namespaces - Part 1
Namespaces - Part 2
Docker Attack Surface
Exploiting vulnerable images
Backdooring Docker Images
Container breakout- Introduction
Introduction to docker.sock
Container escape using docker.sock
Introduction to --privileged flag
Writing to kernel space from a container
Writing to kernel space to get a reverse shell
Accessing Docker Secrets
Scanning Docker Images
Auditing the environment using Docker Bench Security
Srinivas is an Infosec professional with interest in teaching information security concepts. He is an OSCP and OSCE. He has extensive experience in penetration testing web, network and mobile apps. The aim of these courses is giving the best quality infosec courses at an affordable price. All of these courses contain hands on labs and very detailed explanations.