On-Demand: Container Security: Beginner Edition Bootcamp
A hands-on introduction to Container Security, this bootcamp shows you how misconfigured components can lead to breakout attacks and, eventually, host compromise.
Recordings of this bootcamp are now available as part of our annual subscription. Subscribe to enjoy:
- Access to all on-demand bootcamps and relevant labs, including this one
- 2000+ hands-on labs covering another 130+ subtopics
Subscribe to access bootcamp recordings and more!
Accessible via our AttackDefense lab platform
Upon logging in to the AttackDefense lab platform, annual subscribers will be able to access recordings of all our on-demand bootcamps and associated labs.

Prerequisites
1. A basic knowledge of computers and networking
2. Familiarity with the Linux operating system
Who should join this bootcamp?
1. Beginners and enthusiasts interested in building a foundation in Container Security
2. Red Teamers and Pentesters who need to add Container Security to their professional skillset
3. Security professionals dealing with Docker environments

Module I: Protocol Basics, Traffic Sniffing, and Recon
- Container Basics
- Basic container principles
- How containers differ from virtual machines (VMs)
- Namespaces
- cgroups
- Introduction to Docker
- Basic commands and concepts
- Components i.e. client, daemon, image, container, registry, volume, network
- Using Docker
- Pulling an image
- Running a container
- Building a container
- Pushing a container
- Dockerfile
- Multi-container deployment
- Manual setup
- docker-compose
- Introduction to low-level components
- containerd
- runc
Module II: Attacking Personal Networks
- Docker security
- Threat modeling
- Understanding risk vectors
- Docker container breakouts
- Privileged containers
- Mounted volumes
- Shared namespaces
- Additional Linux capabilities
- Process injection (SYS_PTRACE)
- Abusing SYS_MODULE capability
Module III: Docker Host Security and Docker Forensics
- Attacking a Docker host
- Mounted Docker socket
- World writable socket
- Exposed Docker socket
- Management tools as attack vectors
- Portainer
- WatchGuard
- Docker image-based attacks
- Insecure Docker Registry
- Evil image
- Corrupting source image
- Docker forensics
- Analyzing images and exported tar archives
- Container forensics
- Checkpoints
Module IV: Securing Docker Infrastructure
- Securing Docker
- Auditing socket permissions and Docker group
- User namespace remapping
- Auditing runtime
- Monitoring containers
- Docker events and logs
- Third-party tools
- Securing Docker images
- Dockerfile linting and audit
- Best practices
- Third-party tools/scanners
- Securing a private registry
- Deploying authentication
- SSL support
Meet the instructor
Nishant Sharma
Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field, including 6+ years in WiFi security research and development. He has conducted classroom trainings at Blackhat USA, HITB Amsterdam/Singapore, RootCon, and OWASP NZ Day. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT Village and Demo Labs (DEFCON USA). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks, where he contributed to developing new features for the enterprise-grade WiFi APs and maintaining the state-of-the-art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security and Linux security.