Table of Content
1. Introduction to Containers:
- Importance of Containers Security
- Understanding Architecture
- Brief on lab set-up
- Lab 01: Spinning up containers
2. Defenders Strategies:
- Lab 02: Hardcoded Sensitive information
- Lab 03: Overview CIS Benchmark
- Lab 04: Identifying vulnerable packages
- Lab 05: Diving into Container layers
- Lab 06: Container Network Security
- Lab 07: Image integrity check
- Lab 08: Security Visibility through Logging and Monitoring
3. Attackers Strategies:
- Lab 09: Dangling container volumes
- Lab 10: Exploiting Insecure Docker Configurations
- Lab 11: Kernel module to escape the container and get a reverse shell.
- Lab 12: Container Breakout
4. Attacking defending Using the MITRE ATT&CK techniques for Containers
5. Mind maps for Container Security
Requirements:
- Laptop with minimum 30 GB Hard Disk Space & 6+GB RAM
- Updated Virtual-box installed (with Ubuntu image)
Prerequisites:
- Passionate towards Infosec
- Basics of Linux
Key Takeaways:
- A ton of additional resources for attacking and defending containers
- Slack channel for coordination and query resolution
- Detailed step-by-step guide for all lab exercises
Speakers Profile
Sartaj Ahmed
Venue & Time
Hall Name: Hall 2
Time: 4 HourWorkshop Goal
The goal of this training programme is to provide a fundamental understanding of container and
kubernetes security through hands-on experience.
The course is aimed not just at red/blue team members, but also at students and professionals who
are just starting out in the container security.
We’d start with the fundamentals of containers before moving on to specific lab sessions on hacking
and defending containers. Real world scenarios would be the focus of this training.
Attendees would be interacting using a dedicated slack channel and post training we would be
provided the detailed guide of the lab sessions
About Speakers
