Change Location × Charlotte

    Recent Locations

      CarolinaCon 15 | Professionally Evil Container Hackery in Charlotte


      • CarolinaCon 15 | Professionally Evil Container Hackery Photo #1
      1 of 1
      April 26, 2019

      Friday   1:00 PM

      2800 Coliseum Centre Drive
      Charlotte, North Carolina 28217

      Map
      Performers:
      • No Performers Listed
      EVENT DETAILS
      CarolinaCon 15 | Professionally Evil Container Hackery

      Professionally Evil Container Hackery Cory Sabol - Security Consultant at Secure Ideas, LLC Description: In this workshop we'll be learning how to do some container hacking! The course assumes that students are somewhat familiar with how to use Docker or other container tooling. We'll touch on several techniques that can be used when you encounter container tech on a penetration test. We'll also be using a tool written by the author called Harpoon to carry out some of the recon and attacks. In addition to Harpoon we'll also be using a customized version of SamuraiWTF; be on the lookout for a notification of when these labs are ready. Tentative Course Schedule Introduction Container basics; terminology, basic docker commands Reconnaissance Looking for docker socket Surveying existing images Viewing host processes from inside a container Priviledge escalation using conatiners and container services Elevate low-priv user in Docker group to root Mount the host filesystem to backdoor the host root Exploration of CVE-2019-5736 Attacking Kubernetes Pivoting to compromise cluster services Access to port 10250 Setup/Requirements: Personal laptop or a work laptop which students have the ability to install 3rd party software VirtualBox (if you need to use another hypervisor you'll need to convert the labs on your own.) Vagrant A built instance of the SamuraiWTF labs VM (once development is finished)

      Categories: Science

      Event details may change at any time, always check with the event organizer when planning to attend this event or purchase tickets.