SlideShare a Scribd company logo

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Daniel Garcia (a.k.a cr0hn)
Daniel Garcia (a.k.a cr0hn)

The document discusses a talk titled "Docker might not be your friend - Trojanizing Docker like a Sir" given by Daniel García and Roberto Muñoz. The talk covers what Docker is, the Docker environment including components like Docker hosts, registries, and orchestrators. It also discusses continuous integration/continuous deployment cycles and how Docker fits into those processes. The slides provide definitions and diagrams to explain these concepts.

Technology
1 of 150
Download to read offline
Docker Might not be your friend Trojanizing Docker like a Sir Roberto Muñoz (robsky) - @skyeinthewildDaniel García (cr0hn) - @ggdaniel
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild <spam>About Us</spam> • Creator/co-creator many security tools • Security researcher / ethical hacking • Chapter Leader OWASP Madrid • Python developer https://www.linkedin.com/in/garciagarciadaniel https://www.linkedin.com/in/roberto-muñoz-fernández-8389a313/ • SecDevOPs • Security researcher • Former BOFH (Because even developers need heroes)
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild What’s this talk about? 1. What’s Docker 2. The Docker environment 3. What’s a C.I. / C.D. cycle? 4. Dissecting Docker images 5. Abusing Docker registry? 6. Conclusions
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild What’s this talk about? 1. What’s Docker 2. The Docker environment 3. What’s a C.I. / C.D. cycle? 4. Dissecting Docker images 5. Abusing Docker registry? 6. Conclusions
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WHAT’S DOCKER? If you feel like the monkeys of 2001 odyssey, this is chapter is important to you
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - A brief definition
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - A brief definition
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM IS NOT VIRTUALIZATION
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different But similar
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different But similar
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild THE DOCKER ENVIRONMENT Neighbourhood colleagues
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Registry
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Registry Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Image builder Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Image builder Docker Orchestrators
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WHAT’S A C.I. / C.D CYCLE? Ensure that your boss does not see this, he could realise that you are not really necessary…. fired! fired! fired!
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Summary - Definitions 1. Continuous Integration - C.I: “Is the practice of merging all developer working copies to a shared mainline several times a day.” 2.Continuous Deployment - C.D: “Is a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time.” Source Wikipedia
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. + C.D. - New approach with Docker
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild DISSECTING DOCKER IMAGES Shut up and tell me how I can break it down
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Global Metadata Global metadata JSON file • Global info about image • Modification history • A SHA256 hash of each layer. Stored in order.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Manifest Manifest file • A reference to global config file. • List of tags for the image. • List of layers. IN ORDER
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Repositories Repositories • Repository witch belong the image. • Repository tags available. • A reference to the last layer.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layers Image layers • A docker image can contains any number of layers • Each layer has their own folder. • Each layer has 3 files: • json • layer.tar • VERSION
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer • Layer version
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer • Layer version • Folders / files • Incremental file system
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Why? • Change environment vars • Change Entry Point • Add new/modify files • Analyse the image • Extract the content
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash The layer hash is referenced in many places
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash The layer hash is referenced in many places A tiny change in a layer content implies many changes in many files.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Scan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir https://github.com/cr0hn/dockerscan Docker Scan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir ¡ Demo time ! Trojanizing Docker Images with Docker Scan Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild ABUSING DOCKER REGISTRY? Yes, we love break things…
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Registry (D.R) - Brief summary • Storage docker images. • Index the images hashes • Create a logical structure to locate docker images: repository/image:tag • Exposes a REST API to interact.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage Storage server Indexing server
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images? … … Images
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images? … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir latest D.R. - How registry storage the images? 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e 14dc6b5
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest D.R. - Attacks : Upload non accessible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest D.R. - Attacks : Upload non accessible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir ¡ Demo time ! Uploading files that only you can download… D.R. - Attacks : Upload non accesible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - Attacks : Replace remote images latest 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - Attacks : Replace remote images latest 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags latest
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild CONCLUSIONS The conclusion is simple: give me your money and avoid intermediaries
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WE NEED TO INVOKE SECURITY!
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild BUILD BEST PRACTICES • Do not trust name or tags, use digests instead in FROM declarations. • Always check the integrity of anything downloaded in build time.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild REGISTRY SECURIZATION • Implement some of the available authN/authZ options. • Limit the exposure, the best case scenario is where only the build servers are allowed to push images to registries • Implement signing (https://github.com/docker/ notary) and don't execute unsigned images.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild RUNTIME PROTECTION • Don't execute images with excessive privileges (-- privileged flag, added capabilities, disabled namespaces, etc) • Use native docker supported custom security profiles for your containers (Seccomp,Selinux/ Apparmor) • Use dynamic analysis tools to create behavioural profiles of the containers and monitor any suspect change in the container activity.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Be careful…. …there is always someone watching
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Questions ?
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Thank you!

Recommended

Building Instruqt, a scalable learning platform
Building Instruqt, a scalable learning platformBuilding Instruqt, a scalable learning platform
Building Instruqt, a scalable learning platform
Instruqt
 
Linux
LinuxLinux
Linux
Gouthaman V
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShell
Will Schroeder
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
Michael Boelen
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
Sreenivas Makam
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
NSConclave
 
David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falco
Lorenzo David
 
XSS Cheat Sheet
XSS Cheat Sheet XSS Cheat Sheet
XSS Cheat Sheet
newedgecs
 

Recommended

Building Instruqt, a scalable learning platform
Building Instruqt, a scalable learning platformBuilding Instruqt, a scalable learning platform
Building Instruqt, a scalable learning platform
Instruqt
 
Linux
LinuxLinux
Linux
Gouthaman V
 
Building an Empire with PowerShell
Building an Empire with PowerShellBuilding an Empire with PowerShell
Building an Empire with PowerShell
Will Schroeder
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
Michael Boelen
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
Sreenivas Makam
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
NSConclave
 
David container security-with_falco
David container security-with_falcoDavid container security-with_falco
David container security-with_falco
Lorenzo David
 
XSS Cheat Sheet
XSS Cheat Sheet XSS Cheat Sheet
XSS Cheat Sheet
newedgecs
 
PubSub and Notifications in Ceph
PubSub and Notifications in CephPubSub and Notifications in Ceph
PubSub and Notifications in Ceph
Yuval Lifshitz
 
20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies
Angelo Corsaro
 
File permissions
File permissionsFile permissions
File permissions
Varnnit Jain
 
Nfs
NfsNfs
Nfs
Waqas !!!!
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 
Squid server
Squid serverSquid server
Squid server
Rohit Phulsunge
 
DDS Security
DDS SecurityDDS Security
DDS Security
Angelo Corsaro
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
ManiacH1
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
Robert Stewart
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
Joe Speed
 
DMVPN
DMVPNDMVPN
DMVPN
NetProtocol Xpert
 
Android Audio System
Android Audio SystemAndroid Audio System
Android Audio System
Yi-Hsiang Huang
 
Linux training
Linux trainingLinux training
Linux trainingParker Fong
 
micro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUsmicro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUs
eProsima
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
Mihai Criveti
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm Mode
Ajeet Singh Raina
 
OpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialOpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf Tutorial
Saju Madhavan
 
Using cgroups in docker container
Using cgroups in docker containerUsing cgroups in docker container
Using cgroups in docker container
Vinay Jindal
 
Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupStartit
 

More Related Content

What's hot

PubSub and Notifications in Ceph
PubSub and Notifications in CephPubSub and Notifications in Ceph
PubSub and Notifications in Ceph
Yuval Lifshitz
 
20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies
Angelo Corsaro
 
File permissions
File permissionsFile permissions
File permissions
Varnnit Jain
 
Nfs
NfsNfs
Nfs
Waqas !!!!
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
AirTight Networks
 
Squid server
Squid serverSquid server
Squid server
Rohit Phulsunge
 
DDS Security
DDS SecurityDDS Security
DDS Security
Angelo Corsaro
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
ManiacH1
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
Robert Stewart
 
System hacking
System hackingSystem hacking
System hacking
CAS
 
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
Joe Speed
 
Android Audio System
Android Audio SystemAndroid Audio System
Android Audio System
Yi-Hsiang Huang
 
micro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUsmicro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUs
eProsima
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
Christopher Frohoff
 
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
Mihai Criveti
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm Mode
Ajeet Singh Raina
 
OpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialOpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf Tutorial
Saju Madhavan
 
Using cgroups in docker container
Using cgroups in docker containerUsing cgroups in docker container
Using cgroups in docker container
Vinay Jindal
 

What's hot (20)

PubSub and Notifications in Ceph
PubSub and Notifications in CephPubSub and Notifications in Ceph
PubSub and Notifications in Ceph
 
20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies20 Tips for OpenSplice Newbies
20 Tips for OpenSplice Newbies
 
File permissions
File permissionsFile permissions
File permissions
 
Nfs
NfsNfs
Nfs
 
Caffe Latte Attack
Caffe Latte AttackCaffe Latte Attack
Caffe Latte Attack
 
Squid server
Squid serverSquid server
Squid server
 
DDS Security
DDS SecurityDDS Security
DDS Security
 
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdfmastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
mastering-kali-linux-for-advanced-penetration-testing-book-look2linux-com.pdf
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
 
System hacking
System hackingSystem hacking
System hacking
 
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
ROS 2 Foxy with Eclipse Cyclone DDS | Philly ROS Meetup July 20th 2020
 
DMVPN
DMVPNDMVPN
DMVPN
 
Android Audio System
Android Audio SystemAndroid Audio System
Android Audio System
 
Linux training
Linux trainingLinux training
Linux training
 
micro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUsmicro-ROS: Developing ROS 2 professional applications based on MCUs
micro-ROS: Developing ROS 2 professional applications based on MCUs
 
OWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling PicklesOWASP AppSecCali 2015 - Marshalling Pickles
OWASP AppSecCali 2015 - Marshalling Pickles
 
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
AnsibleFest 2021 - DevSecOps with Ansible, OpenShift Virtualization, Packer a...
 
Deep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm ModeDeep Dive into Docker Swarm Mode
Deep Dive into Docker Swarm Mode
 
OpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialOpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf Tutorial
 
Using cgroups in docker container
Using cgroups in docker containerUsing cgroups in docker container
Using cgroups in docker container
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupStartit
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
msyukor
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Rui Quintino
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
Docker, Inc.
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
Jeremy Brown
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Roberto Hashioka
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
The Incredible Automation Day
 
Golab.io
Golab.ioGolab.io
Golab.io
r3vit
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
borjaburgos
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
Deep Shankar Yadav
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
OWASP Delhi
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
ssarabadani
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
Mathias Renner
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
Jan Klat
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
Daniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing StashboardDocker, Inc.
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
dotCloud
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
Christian Beedgen
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
Roberto Messora
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images (20)

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
 
Golab.io
Golab.ioGolab.io
Golab.io
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
 

More from Daniel Garcia (a.k.a cr0hn)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Daniel Garcia (a.k.a cr0hn)
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
Daniel Garcia (a.k.a cr0hn)
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
Daniel Garcia (a.k.a cr0hn)
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
Daniel Garcia (a.k.a cr0hn)
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Daniel Garcia (a.k.a cr0hn)
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
Daniel Garcia (a.k.a cr0hn)
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
Daniel Garcia (a.k.a cr0hn)
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
Daniel Garcia (a.k.a cr0hn)
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Daniel Garcia (a.k.a cr0hn)
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
Daniel Garcia (a.k.a cr0hn)
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Daniel Garcia (a.k.a cr0hn)
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
Daniel Garcia (a.k.a cr0hn)
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
Daniel Garcia (a.k.a cr0hn)
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
Daniel Garcia (a.k.a cr0hn)
 

More from Daniel Garcia (a.k.a cr0hn) (20)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Cybercam 2014
 
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images