CVE-2022-0492

An eBPF module created to prevent docker escape attacks by leveraging the unshare command

Container Escape Prevention using eBPF We have conducted a case study on two major CVE exploits on Linux systems: CVE-2022-0185 CVE-2022-0492 Both of the exploits depend on using the unshare command to gain unfair access to a root level namespace and to escape a docker container We first performed these exploits on our systems and then created a Linux security module using e

Test whether a container environment is vulnerable to container escapes via CVE-2022-0492

A container image that tests whether a container enviroment is vulnerable to escapes via CVE-2022-0492 Best to execute under a new container running an image built with: $ cd can-ctr-escape-cve-2022-0492 $ docker build -t can-ctr-escape-cve-2022-0492:latest A pre-built image is available at us-central1-dockerpkgdev/twistlock-secresea

A script to check if a container environment is vulnerable to container escapes via CVE-2022-0492

CVE-2022-0492-Checker A script to check if a container environment is vulnerable to container escapes via CVE-2022-0492 About the vulnerability On Feb 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers Th

Docker容器逃逸工具（Docker Escape Tools）

Shovel Docker容器逃逸工具 1、通过mount命令逃逸触发告警？ 2、unshare命令发现没有-C参数？ 3、机器上没有各种语言的执行环境？ 4、逃逸程序太大不好下载？ 遇到以上问题那就用下这个程序吧，原理上就是逃逸的那一堆shell脚本，换成系统调用，绕过bash的监控

CVE-2022-0492 EXP and Analysis write up

CVE-2022-0492 容器逃逸分析 [toc] 漏洞简介 漏洞编号: CVE-2022-0492 漏洞产品: linux kernel - cgroup 影响版本: ~linux kernel 517-rc3 漏洞危害: 当容器没有开启额外安全措施时，获得容器内root 权限即可逃逸到宿主机 环境搭建 在存在漏洞版本的内核的linux中使用docker 即可。 #关闭所有安全防护启动docker do

sudo apt-get install bpfcc-tools linux-headers-$(uname -r) Source tree: /bpf: c code /libs: python code /rules: example policy files mainpy: front-end bpfpy: back-end Usage: python3 mainpy -h usage: mainpy [-h] [-V] [-d] [-L LOG_FILE] [-p PID] [-N NAMESPACE] [--dockerid DOCKERID] --hook HOOK Kubernetes dynamic eBPF po

My CVE, bug bounty, and general cybersec relevant reading list and notes Misc Links National Vulnerability Database: here NVD CVE search: here NVD data feeds listing: here CVE details CVSS distribution listing: here Mitre CVE search: here Pentesterland list of bug bounty writeups: here JFrog security research blogroll: here vuldb listing: here 2022 March Title

Automation of attacks and logging of their system call footprint

IDS-Dataset project Table of Contents Background and Motivation Approaching the problem Explaining the attacks: General Idea Attacker Side Victim Side Installation Creating the virtual machine Setup Victim Setup Attacker Troubleshooting Executing the setup script throws an error during an apt/apt-get install: Server returns error when using custom module: Backgrou

Practices on K8s security

Practices for Kubernetes Security 20220412 Proposal Feedback: This could be a really interesting project I also wonder how a recent vulnerability in kubernetes (CVE-2022-0492) could be affected by this approach You might also want to discuss how other bugs/vulnerabilities in kubernetes could be detected/prevented with your approach Apart from having some functional protot

Escaping a Docker Container for fun.

Container Escape Exploit This is a container escape exploit that uses the docker daemon to escape from a container It is based on the CVE-2022-0492 exploit It is a proof of concept and should not be used in production To plant the malicous bash sript on the container and execute it, the ImageTragick CVE-2016-3714 exploit is used This exploit implementation is part of an art

Docker Breakout Checker and PoC via CAP_SYS_ADMIN and via user namespaces (CVE-2022-0492)

CVE-2022-0492 Docker Breakout Checker and PoC Summary Exploiting the vulnerability requires the attacker to have access to a Docker container running on a vulnerable system Once exploited, the attacker can escape the container and gain complete control over the host system A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cg

CVE-2022-0492-Container-Escape

CVE-2022-0492-Container-Escape CVE-2022-0492-Container-Escape 通过go实现 参考链接： githubcom/chenaotian/CVE-2022-0492 blogtrailofbitscom/2019/07/19/understanding-docker-container-escapes/

Pentest Practical Tools File transfer Sending a file through netcat # Receiver nc -l -p 1234 > outfile # Sender nc -w 3 [destination] 1234 < outfile ftp sudo pip3 install pyftpdlib sudo python3 -m pyftpdlib -w -p 21 non-interactive on windows echo open 101104 21> ftptxt ec

Hacking Kubernetes - Demo Preparations Vulnerable Kubernetes Cluster Create a single-node Kubernetes custom cluster in Rancher VM resources: 4 CPU, 8GB RAM, 80GB disk OS: Image: cloud-images-archiveubuntucom/releases/bionic/release-20180517/ubuntu-1804-server-cloudimg-amd64img Deactivate unattended upgrades sudo apt remove unattended-upgrades

Cloud Native Security News

cloud-native-security-news 加入云原生安全资讯项目 在 issues 中添加或处理 '待分析资讯' 每天阅读安全咨询 总结成文章, 模板参见 security-research-specification push 总结至 git 仓库 云原生安全资讯索引 20240222 - Unit42 攻击面管理威胁报告 2023 20240204 - CVE-2022-0492导致的容器逃逸无法复现原�