
Explore Docker fundamentals and security concepts to understand how misconfigurations threaten production environments. Discover practical attacks, automated assessments, and defenses to secure Docker containers across development and operations.
Gain foundational knowledge of Docker concepts, including creating Docker images and spinning up containers, and prepare for hands-on labs that build images used later in the course.
Set up the lab by installing Docker on Ubuntu 18.04, using either the official repository or the docker.io package, start and enable the Docker service, and verify the installation with docker --version.
Discover how Docker provides containerization through OS-level virtualization, packing an application's dependencies into an image to ensure consistent runs across machines, enabling portability and easy sharing via Docker Hub.
Explore the fundamental difference between virtual machines and Docker containers: VMs require separate operating systems and hypervisors, while containers share the host Linux kernel via the Docker engine.
Learn to build your first Docker image by writing a Dockerfile based on Ubuntu 16.04, adding a simple index.html, and building it with docker build.
Start a container from the built image and map host port 8080 to the container, verify the hello world message, and use docker exec to get an interactive shell inside the container.
Start by distinguishing images and containers: images are lightweight, standalone packages with everything to run an app; containers are launched from images as multiple instances that run reliably across environments.
Master Linux kernel cgroups to enforce resource limits in Docker containers by restricting CPU, memory, and I/O, and verify limits with docker run, docker stats, and sleep workloads.
Explore how Linux namespaces provide container isolation, focus on the user namespace, and see how mounting host directories can create privilege escalation risks.
Enable user namespaces in the Docker daemon to map the container's root user to a non-privileged host user, isolating the container from the host. The demo shows what host access remains even with root privileges inside the container.
Learn to clean up Docker containers and images by stopping and deleting unused items, both individually and in bulk, to reclaim disk space and keep the system tidy.
Explore Docker registries as systems for storing and distributing images, including Docker Hub and private registries, and learn how to verify and switch the default registry using Docker commands.
Explore how attackers abuse Docker features inside containers and how those features can enable container escape, as this module reveals the Docker attack surface.
Explore the Docker attack surface: privilege escalation to root, remote code execution, misconfigurations that let attackers escape containers, abuse of docker group membership, and backdoored images.
Explore how vulnerable images from Docker Hub can harbor known vulnerabilities, enabling attackers to gain a foothold in containers and on the hosts they run on.
Identify whether you are inside a Docker container by inspecting /proc/self/cgroup to differentiate a container shell from a host shell.
Explore how attackers backdoor existing Docker images, infecting an image so that it opens a remote shell when deployed.
Explore how Docker volume mounts can enable privilege escalation for users in the docker group, including reading host files such as /etc/shadow.
Learn how the docker.sock interface lets the Docker client manage containers, what happens when /var/run/docker.sock is mounted into a container, and why this poses a security risk.
Shows how mounting the Docker socket inside a container lets an attacker access the host filesystem, spawn containers on the host, and mount the host root filesystem to gain a foothold.
Explore how the Docker --privileged flag expands container capabilities and increases security risk, including potential container escape and a foothold on the host.
This lecture demonstrates how a privileged Docker container with the necessary capabilities can install a kernel module on the host, load and unload it, and potentially spawn a shell on the host.
Learn how dangling Docker volumes on the host can expose secrets and credentials after a container is deleted, and how to inspect, mount, and manage volumes to prevent data leakage.
Explains how the Docker remote API enables interaction with the Docker daemon via a REST API, notes the risk of unauthenticated access, and previews enabling and testing it locally.
Exploit the Docker remote API to escape a container, gain a reverse shell, create a host user via the passwd and shadow files, and achieve sudo/root access on the host.
Learn how secrets stored in Docker containers and environment variables can be exposed to an attacker, and how to protect them with proper secrets management on the host and in the container.
Explore automated tools for auditing Docker hosts, images, and containers, focusing on defensive security and automated vulnerability assessments using popular techniques.
Learn to perform static analysis on Docker images with Clair: run the scanner, generate a vulnerability report, and interpret the CVE details and severities in the output.
Explore the Docker Bench for Security tool to assess production deployments, identify misconfigurations, and improve security by fixing issues such as running containers as non-root and verifying user permissions.
Explore Docker security features built into the Docker engine, including Linux security features like AppArmor and capabilities, with practical examples.
Use AppArmor profiles with Docker to load and enforce policies, then test container security by blocking access to /dmp and /etc/passwd while allowing reads of /etc/shadow.
Explore how seccomp profiles act as a firewall for container system calls, blocking specific calls while allowing others in Docker, demonstrated with a practical profile and test commands.
Learn how to manage Linux capabilities inside Docker containers using a whitelist approach: drop all capabilities by default (--cap-drop=ALL) and selectively use --cap-add to grant only the privileges needed.
Celebrate completing the Hacking and Securing Docker Containers course, invite feedback in the comments, and encourage learners to share it with friends, while hinting at future security courses.
This course introduces students to the security concepts associated with Docker. Docker is popular software that is widely used in the Information Technology industry. Its popularity also brings a larger attack surface, so it is important to understand its security aspects to be able to protect Docker containers. This course is designed for students with any level of experience. If you have never used Docker, that's fine: we have covered the basics. If you have used Docker to containerize your applications, we have covered some advanced topics such as escaping from containers to the host using misconfigured containers. Regardless of your experience with Docker, we have got you covered here.