This document summarizes Docker escape techniques. It begins with an overview of Docker and how it uses namespaces and control groups (cgroups) for isolation. It then discusses vulnerabilities in Docker from untrusted images and escaping namespaces to access the host or other containers. The main part describes the Docker escape technology, which involves getting a task structure handle, resetting its namespaces proxy to the initial namespace, and gaining root access on the host system by exploiting vulnerabilities or setting credentials. Example code is provided to switch the filesystem structure and namespace proxy to escape the container.