Container Security: Beginner Edition

A hands-on introduction to Container Security, this bootcamp shows you how misconfigured components can lead to breakout attacks and eventually, host compromise.
Starts: 09 July 2021  Duration: 4 weeks
Recordings of live sessions included!

What You'll Learn

This is a 4-week beginner bootcamp that will teach you the basics of containers and how to secure them.

You will learn to use different tools and techniques to audit containers, container hosts, image repositories and container management tools. Our unique lab setup lets you try low-level breakout attacks which otherwise can only be done in local virtual machines.

Completing the bootcamp and passing the PACOSP certification exam will arm you with the skills and knowledge required to enter the security industry as a Container Security Professional.
  • 4 Live Sessions

  • 2.5 hrs per session

  • Over 50 Lab Exercises

  • 1 PACOSP Attempt

  • Recordings of Live Sessions

Build Your Cybersecurity Credentials

  • Become a Pentester Academy Container Security Professional (PACOSP)

The Pentester Academy Container Security Professional (PACOSP) certification proves your expertise in Container Security. A PACOSP holder can confidently pentest container ecosystems, and is proficient in skills such as container breakouts, Docker host takeover, privilege escalation and leveraging backdoored images, unsecured registries and management tools.
  • Bootcamp Completion Certificate

Attendees will also get a course completion certificate after attending all 4 live sessions.

Live Session Schedule

Weekly 2 hr 30 min sessions start at 10:00am ET and end at 12:30pm ET.
  • 09 July 2021: Introduction to Linux Containers
  • 16 July 2021: Attacking Docker Containers
  • 23 July 2021: Docker Host Security and Docker Forensics
  • 30 July 2021: Securing Docker Infrastructure

Prerequisites

1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Who should join this bootcamp?

1. Beginners and enthusiasts interested in building a foundation in Container Security
2. Red Teamers and Pentesters who need to add Container Security to their professional skillset
3. Security professionals dealing with Docker environments

Bootcamp Syllabus

Module I: Protocol Basics, Traffic Sniffing, and Recon

Before learning about attack techniques, we first need to establish a good understanding of Linux containers. The first session is therefore foundational, where we will go through Linux container basics and how to use Docker to create, manage and run containers. You will also get an introduction to the Open Container Initiative (OCI) and the various elements of a container system.
  • Container Basics
  • Basic container principles
  • How containers differ from virtual machines (VMs)
  • Namespaces
  • cgroups
  • Introduction to Docker
  • Basic commands and concepts
  • Components i.e. client, daemon, image, container, registry, volume, network
  • Using Docker
  • Pulling an image
  • Running a container
  • Building a container
  • Pushing a container
  • Dockerfile
  • Multi-container deployment
  • Manual setup
  • docker-compose
  • Introduction to low-level components
  • containerd
  • runc

Module II: Attacking Personal Networks

In our second week, we will start learning about Docker attacks. Here, you will learn to leverage privileged containers, excessive capabilities, shared namespaces and mounted sockets to perform container breakouts. Not only will you learn these attacks in theory, you’ll also get a chance to practice them hands-on in our labs.

  • Docker security
  • Threat modeling
  • Understanding risk vectors
  • Docker container breakouts
  • Privileged containers
  • Mounted volumes
  • Shared namespaces
  • Additional Linux capabilities
  • Process injection (SYS_PTRACE)
  • Abusing SYS_MODULE capability

Module III: Docker Host Security and Docker Forensics

Our third week focuses on Docker host attacks. We will learn to exploit misconfigured sockets, inadequately protected management tools, overly permissive settings and the low-level runtime to perform attacks on the Docker host.

Then, we will cover Docker image security, the risks of running an insecure Docker registry along with the threat of backdoored images. This session will be heavily hands-on, and you will use tools and techniques to perform attacks and analysis on different components of Docker.

  • Attacking a Docker host
  • Mounted Docker socket
  • World writable socket
  • Exposed Docker socket
  • Management tools as attack vectors
  • Portainer
  • WatchGuard
  • Docker image-based attacks
  • Insecure Docker Registry
  • Evil image
  • Corrupting source image
  • Docker forensics
  • Analyzing images and exported tar archives
  • Container forensics
  • Checkpoints

Module IV: Securing Docker Infrastructure

Our final session focuses on defense. Here, you will learn the tools and best practices to secure a Docker environment, such as using AppArmor and seccomp to restrict the operations available to containers and scanning Docker images for vulnerabilities with Clair.

The bootcamp will conclude with discussions on Docker Content Trust (DCT) and enabling TLS/authentication on a private Docker registry. By the end of this session, you will have amassed both theoretical knowledge and practical experience with container-based attacks and defenses, and thus be prepared to take the certification exam.
  • Securing Docker
  • Auditing socket permissions and Docker group
  • User namespace remapping
  • Auditing runtime
  • Monitoring containers
  • Docker events and logs
  • Third-party tools
  • Securing Docker images
  • Dockerfile linting and audit
  • Best practices
  • Third-party tools/scanners
  • Securing a private registry
  • Deploying authentication
  • SSL support

Meet the instructor

Nishant Sharma

Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field, including 6+ years in WiFi security research and development. He has conducted classroom trainings at Blackhat USA, HITB Amsterdam/Singapore, RootCon and OWASP NZ Day. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT Village and Demo Labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks, where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the state-of-the-art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security and Linux security.