An Attacker Looks at Docker: Approaching Multi-Container Applications

Presented at Black Hat USA 2018, Aug. 8, 2018, 2:40 p.m. (50 minutes).

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. This is likely to make life a lot easier for attackers.

While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know.

The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A penetration tester can expect to leave this presentation with a practical exposure to multi-container application post-exploitation that is as buzzword-free as is possible with such a trendy topic.


Presenters:

  • Wesley McGrew - Director of Cyber Operations, HORNE Cyber
    Wesley McGrew oversees and participates in offense-oriented operations as Director of Cyber Operations for HORNE Cyber. He has presented on topics of penetration testing and and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a PhD in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systens.

Links:

Similar Presentations: