Glenn 'devalias' Grant, profile picture
Uploaded byGlenn 'devalias' Grant
PPTX, PDF236 views

Hack FaaSter: Leveraging Docker and OpenFaaS for fun and offensive (security) profit

Presented at SecTalks Canberra (November 14th, 2017; Canberra, Australia) A short presentation touching on Docker, Serverless/FaaS and OpenFaaS, some reasons why I think they're cool, and then jumping right into getting setup and playing with OpenFaaS as part of the workshop. https://github.com/0xdevalias/hack-FaaSter Make sure to check out the associated workshop files as well: https://github.com/0xdevalias/hack-FaaSter/blob/master/workshop.md

Embed presentation

Download to read offline
@_devalias #hackFaaSter Hack FaaSter Leveraging Docker and OpenFaaS for fun and offensive (security) profit.
@_devalias #hackFaaSter Who am I?  Glenn ‘devalias’ Grant  http://devalias.net/  https://twitter.com/_devalias  https://github.com/0xdevalias  https://www.linkedin.com/in/glenn-devalias-grant/  Penetration Tester @ TSS  Polyglot Developer  And a few other things..  Biohacker, Bulletproof Coach, Snowboarder, Scuba, Skydiver..
@_devalias #hackFaaSter What is Docker?  https://www.docker.com/  Container: Lightweight ‘virtualisation’, shared kernel  Data is layered, layers are shared  Alpine Linux base image < 5mb!  DevOps: Clusters, deployment, static enviroments..  Me: Toolkit on every box with no more system clutter!  docker run --rm devalias/gobuster –h
@_devalias #hackFaaSter A FaaS intro to Serverless  Still uses servers, they’re just #InTheCloud™ (and somebody else’s problem)  While we’re ditching servers, let’s drop the frameworks too!  Function as a Service (FaaS)  Decompose applications into individual functions and microservices
@_devalias #hackFaaSter OpenFaaS  https://www.openfaas.com/  “Serverless Functions Made Simple”  Run ‘cloud functions’ locally, with the full power of Docker  faas-cli build –f https://hakt.us/funcs.yml  faas-cli deploy –f https://hakt.us/funcs.yml  echo “Hack” | faas-cli invoke TheGibson > /root/.workspace/.garbage
@_devalias #hackFaaSter Workshop  “I’m too young to die” (Easy Mode, recommended)  We’ll use the free online ‘Play with Docker’ environment  https://github.com/0xdevalias/hack-FaaSter  “Hey, not too rough” (Medium Mode)  Install Docker (Community Edition) locally, then play along  Mac should be straightforward, Windows is more of a challenge because Hyper-V  “Nightmare” (Hard Mode)  I don’t need no instructions! I’ll do it myself!  Docker, OpenFaaS, OpenFaaS CLI.. You’re on your own now.
@_devalias #hackFaaSter Upcoming Talks  CSides Canberra  “Gophers, whales and.. clouds? Oh my!” v0.2-alpha  Friday, November 17, 2017 (~6pm)  http://www.bsidesau.com.au/csides.html  BSides Wellington  “Gophers, whales and.. clouds? Oh my!”  Thursday, November 23, 2017 (3:30pm - 4:00pm)  http://bit.ly/BSidesWLG-devalias
@_devalias #hackFaaSter Resources  Docker  https://www.docker.com/  OpenFaaS  https://www.openfaas.com/  https://github.com/openfaas/faas  https://github.com/openfaas/faas-cli  Community Functions: https://github.com/faas-and-furious  Blogs & Talks: https://github.com/openfaas/faas/blob/master/community.md

More Related Content

PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
20190130 - React - displayName - Lightning Talk
byGlenn 'devalias' Grant
 
PDF
Gophers, whales and.. clouds? Oh my!
byGlenn 'devalias' Grant
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
20190130 - React - displayName - Lightning Talk
byGlenn 'devalias' Grant
 
Gophers, whales and.. clouds? Oh my!
byGlenn 'devalias' Grant
 

Recently uploaded

PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
CI CD Observability, Metrics and DORA - Shifting Left and Cleaning Up! - Febr...
byPeter Souter
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 

Featured

PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
PDF
Introduction to Data Science
byChristy Abraham Joy
 
PDF
Time Management & Productivity - Best Practices
byVit Horky
 
PDF
The six step guide to practical project management
byMindGenius
 
PDF
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
PDF
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
byApplitools
 
PDF
12 Ways to Increase Your Influence at Work
byGetSmarter
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
byChristy Abraham Joy
 
Time Management & Productivity - Best Practices
byVit Horky
 
The six step guide to practical project management
byMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
byApplitools
 
12 Ways to Increase Your Influence at Work
byGetSmarter
 

Hack FaaSter: Leveraging Docker and OpenFaaS for fun and offensive (security) profit

  • 1.
    @_devalias #hackFaaSter Hack FaaSter LeveragingDocker and OpenFaaS for fun and offensive (security) profit.
  • 2.
    @_devalias #hackFaaSter Who amI?  Glenn ‘devalias’ Grant  http://devalias.net/  https://twitter.com/_devalias  https://github.com/0xdevalias  https://www.linkedin.com/in/glenn-devalias-grant/  Penetration Tester @ TSS  Polyglot Developer  And a few other things..  Biohacker, Bulletproof Coach, Snowboarder, Scuba, Skydiver..
  • 3.
    @_devalias #hackFaaSter What isDocker?  https://www.docker.com/  Container: Lightweight ‘virtualisation’, shared kernel  Data is layered, layers are shared  Alpine Linux base image < 5mb!  DevOps: Clusters, deployment, static enviroments..  Me: Toolkit on every box with no more system clutter!  docker run --rm devalias/gobuster –h
  • 4.
    @_devalias #hackFaaSter A FaaSintro to Serverless  Still uses servers, they’re just #InTheCloud™ (and somebody else’s problem)  While we’re ditching servers, let’s drop the frameworks too!  Function as a Service (FaaS)  Decompose applications into individual functions and microservices
  • 5.
    @_devalias #hackFaaSter OpenFaaS  https://www.openfaas.com/ “Serverless Functions Made Simple”  Run ‘cloud functions’ locally, with the full power of Docker  faas-cli build –f https://hakt.us/funcs.yml  faas-cli deploy –f https://hakt.us/funcs.yml  echo “Hack” | faas-cli invoke TheGibson > /root/.workspace/.garbage
  • 6.
    @_devalias #hackFaaSter Workshop  “I’mtoo young to die” (Easy Mode, recommended)  We’ll use the free online ‘Play with Docker’ environment  https://github.com/0xdevalias/hack-FaaSter  “Hey, not too rough” (Medium Mode)  Install Docker (Community Edition) locally, then play along  Mac should be straightforward, Windows is more of a challenge because Hyper-V  “Nightmare” (Hard Mode)  I don’t need no instructions! I’ll do it myself!  Docker, OpenFaaS, OpenFaaS CLI.. You’re on your own now.
  • 7.
    @_devalias #hackFaaSter Upcoming Talks CSides Canberra  “Gophers, whales and.. clouds? Oh my!” v0.2-alpha  Friday, November 17, 2017 (~6pm)  http://www.bsidesau.com.au/csides.html  BSides Wellington  “Gophers, whales and.. clouds? Oh my!”  Thursday, November 23, 2017 (3:30pm - 4:00pm)  http://bit.ly/BSidesWLG-devalias
  • 8.
    @_devalias #hackFaaSter Resources  Docker https://www.docker.com/  OpenFaaS  https://www.openfaas.com/  https://github.com/openfaas/faas  https://github.com/openfaas/faas-cli  Community Functions: https://github.com/faas-and-furious  Blogs & Talks: https://github.com/openfaas/faas/blob/master/community.md

Editor's Notes

  • #4 https://en.wikipedia.org/wiki/Operating-system-level_virtualization https://www.docker.com/ https://hub.docker.com/_/alpine/ https://hub.docker.com/r/devalias/gobuster/
  • #5 Definitions https://en.wikipedia.org/wiki/Serverless_computing https://en.wikipedia.org/wiki/Function_as_a_service Landscape https://aws.amazon.com/lambda/ https://cloud.google.com/functions/ https://azure.microsoft.com/en-us/services/functions/ https://medium.com/memory-leak/this-year-gartner-added-serverless-to-its-hype-cycle-of-emerging-technologies-reflecting-the-5dfe43d818f0
  • #6 https://www.openfaas.com/ https://github.com/openfaas/faas https://github.com/openfaas/faas-cli Blogs, talks, etc https://github.com/openfaas/faas/blob/master/community.md Community Functions: https://github.com/faas-and-furious