On-Demand: Container Security: Beginner Edition Bootcamp

A hands-on introduction to Container Security, this bootcamp shows you how misconfigured components can lead to breakout attacks and eventually, host compromise.

Recordings of this bootcamp are now available as part of our annual subscription. Subscribe to enjoy:
  • Access to all on-demand bootcamps and relevant labs, including this one
  • 2200+ hands-on labs covering another 130+ subtopics
Write your awesome label here.

What You'll Learn

This is a 4-session beginner bootcamp that will teach you the basics of containers and how to secure them.

You will learn to use different tools and techniques to audit containers, container hosts, image repositories and container management tools. Our unique lab setup lets you try low-level breakout attacks which otherwise can only be done in local virtual machines.
Write your awesome label here.
  • 9+ Hours of Live Session Recordings

  • Over 60 Lab Exercises

Subscribe to access bootcamp recordings and more!

  • Bootcamp recordings for select topics, accessible anytime

Follow along with instructors as they walk you through both theory and practice! With bootcamp recordings at your fingertips, master in-demand topics at your own pace, without time zone concerns. Take your time to go through our massive content library – you'll need it!
  • Access 135+ topics

Expand your horizons beyond bootcamps with 2200+ hands-on labs and 1500+ video courses! Our annual subscription grants you access to a massive content library – perfect for self-paced learning on an ongoing basis. View our entire list of topics here.
  • Browser-based platform; no VPN needed 

Learning with us is simple. Our labs are completely browser-based and include access to a Terminal/GUI-based Kali, Ubuntu or other operating systems, with the necessary tools and scripts pre-installed. All you need is an internet connection to get started!
  • Real-world scenarios

Our lab scenarios are based on real-world circumstances as much as possible. With realistic scenarios, students are prepared for actual pentesting and Red Team engagements.
  • Earn verifiable badges

Complete challenges to earn badges. Verified by Accredible, badges declare your skill in specific topics and are easily shared on social media to help your profile stand out!

Accessible via our AttackDefense lab platform

Upon logging in to the AttackDefense lab platform, annual subscribers will be able to access recordings of all our on-demand bootcamps and associated labs.

Prerequisites

1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system

Who should join this bootcamp?

1. Beginners and enthusiasts interested in building a foundation in Container Security
2. Red Teamers and Pentesters who need to add Container Security to their professional skillset
3. Security professionals dealing with Docker environments

Bootcamp Syllabus

Module I: Protocol Basics, Traffic Sniffing, and Recon

Before learning about attack techniques, we first need to establish a good understanding of Linux containers. The first session is therefore foundational, where we will go through Linux container basics and how to use Docker to create, manage and run containers. You will also get an introduction to the Open Container Initiative (OCI) and the various elements of a container system.
  • Container Basics
  • Basic container principles
  • How containers differ from virtual machines (VMs)
  • Namespaces
  • cgroups
  • Introduction to Docker
  • Basic commands and concepts
  • Components i.e. client, daemon, image, container, registry, volume, network
  • Using Docker
  • Pulling an image
  • Running a container
  • Building a container
  • Pushing a container
  • Dockerfile
  • Multi-container deployment
  • Manual setup
  • docker-compose
  • Introduction to low-level components
  • containerd
  • runc

Module II: Attacking Personal Networks

In our second session, we will start learning about Docker attacks. Here, you will learn to leverage privileged containers, excessive capabilities, shared namespaces, mounted sockets to perform container breakouts. Not only will you learn these attacks in theory, you’ll also get a chance to practice them hands-on in our labs.

  • Docker security
  • Threat modeling
  • Understanding risk vectors
  • Docker container breakouts
  • Privileged containers
  • Mounted volumes
  • Shared namespaces
  • Additional Linux capabilities
  • Process injection (SYS_PTRACE)
  • Abusing SYS_MODULE capability

Module III: Docker Host Security and Docker Forensics

Our third session focuses on Docker host attacks. We will learn to exploit misconfigured sockets, inadequately protected management tools, overly permissible settings, low-level runtime to perform attacks on the Docker host.

Then, we will cover Docker image security, the risks of running an insecure Docker registry along with the threat of backdoored images. This session will be heavily hands-on, and you will use tools and techniques to perform attacks and analysis on different components of Docker.

  • Attacking a Docker host
  • Mounted Docker socket
  • World writable socket
  • Exposed Docker socket
  • Management tools as attack vectors
  • Portainer
  • WatchGuard
  •  Docker image-based attacks
  • Insecure Docker Registry
  • Evil image
  • Corrupting source image
  • Docker forensics
  •  Analyzing images and exported tar archives
  • Container forensics
  • Checkpoints

Module IV: Securing Docker Infrastructure

Our final session focuses on defense. Here, you will learn the tools and best practices to secure a Docker environment, such as how to use AppArmor and seccomp to restrict possible operations for containers and scanning Docker images for vulnerabilities with clair.

The bootcamp will conclude with discussions on DCT and enabling TLS/authentication on a private Docker registry. By the end of this session, you’d have amassed both theoretical knowledge and practical experience with container-based attacks and defenses, and thus be prepared to take the certification exam.
  • Securing Docker
  • Auditing socket permissions and Docker group
  • User namespace remapping
  • Auditing runtime
  • Monitoring containers
  • Docker events and logs
  • Third-party tools
  • Securing Docker images
  • Dockerfile linting and audit
  • Best practices
  • Third-party tools/scanners
  • Securing a private registry
  • Deploying authentication
  • SSL support
Meet the instructor

Nishant Sharma

Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field including 6+ years in WiFi security research and development. He has conducted classroom trainings in Blackhat USA, HITB Amsterdam/Singapore, RootCon, OWASP NZ Day. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT village and Demo labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks where he contributed in developing new features for the enterprise-grade WiFi APs and maintaining the state of art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, Linux security.
Nishant Sharma - Instructor

Get informed about future bootcamps!

Thank you!
Thank you!