SlideShare a Scribd company logo
Docker Might not be your friend
Trojanizing Docker like a Sir
Roberto	Muñoz	(robsky)	-	@skyeinthewildDaniel	García	(cr0hn)	-	@ggdaniel
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
<spam>About	Us</spam>
• Creator/co-creator	many	security	tools	
• Security	researcher	/	ethical	hacking	
• Chapter	Leader	OWASP	Madrid	
• Python	developer
https://www.linkedin.com/in/garciagarciadaniel
https://www.linkedin.com/in/roberto-muñoz-fernández-8389a313/
• SecDevOPs	
• Security	researcher	
• Former	 BOFH	 (Because	 even	 developers	
need	heroes)
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
What’s	this	talk	about?
1. What’s	Docker	
2. The	Docker	environment	
3. What’s	a	C.I.	/	C.D.	cycle?	
4. Dissecting	Docker	images	
5. Abusing	Docker	registry?	
6. Conclusions
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
What’s	this	talk	about?
1. What’s	Docker	
2. The	Docker	environment	
3. What’s	a	C.I.	/	C.D.	cycle?	
4. Dissecting	Docker	images	
5. Abusing	Docker	registry?	
6. Conclusions
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WHAT’S	DOCKER?
If	you	feel	like	the	monkeys	of	
2001	odyssey,	this	is	chapter	is	
important	to	you
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	A	brief	definition
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	A	brief	definition
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
IS NOT
VIRTUALIZATION
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
But similar
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
But similar
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
THE	DOCKER	ENVIRONMENT
Neighbourhood	colleagues
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Registry
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Registry Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry
Docker	Image	builder
Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry
Docker	Image	builder
Docker	Orchestrators
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WHAT’S	A	C.I.	/	C.D	CYCLE?
Ensure	that	your	boss	does	not	see	this,	
he	could	realise	that	you	are	not	really	
necessary….	fired!	fired!	fired!
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Summary	-	Definitions
1. Continuous Integration - C.I:
“Is the practice of merging all developer working
copies to a shared mainline several times a day.”
2.Continuous Deployment - C.D:
“Is a software engineering approach in which
teams produce software in short cycles,
ensuring that the software can be reliably
released at any time.”
Source Wikipedia
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	+	C.D.	-	New	approach	with	Docker
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
DISSECTING	DOCKER	IMAGES
Shut	up	and	tell	me	how	I	can	break	it	
down
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Global	Metadata
Global	metadata	JSON	file
• Global	info	about	image	
• Modification	history	
• A	SHA256	hash	of	each	layer.	
Stored	in	order.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Manifest
Manifest	file
• A	reference	to	global	config	
file.	
• List	of	tags	for	the	image.	
• List	of	layers.	IN	ORDER
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Repositories
Repositories
• Repository	witch	belong	the	
image.	
• Repository	tags	available.	
• A	reference	to	the	last	layer.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layers
Image	layers
• A	docker	image	can	contains	
any	number	of	layers	
• Each	layer	has	their	own	
folder.	
• Each	layer	has	3	files:	
• json	
• layer.tar	
• VERSION
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
• Layer	version
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
• Layer	version
• Folders	/	files	
• Incremental	file	system
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Why?
• Change	environment	vars	
• Change	Entry	Point	
• Add	new/modify	files	
• Analyse	the	image	
• Extract	the	content
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
The	layer	hash	is	referenced	in	
many	places
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
The	layer	hash	is	referenced	in	
many	places
A	tiny	change	in	a	layer	content	
implies	many	changes	in	many	
files.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker Scan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
https://github.com/cr0hn/dockerscan	
Docker Scan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
¡	Demo	time	!
Trojanizing	Docker	Images	with	
Docker	Scan
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
ABUSING	DOCKER	REGISTRY?
Yes,	we	love	break	things…
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Registry	(D.R)	-	Brief	summary
• Storage	docker	images.	
• Index	the	images	hashes	
• Create	 a	 logical	 structure	 to	 locate	
docker	images:	repository/image:tag	
• Exposes	a	REST	API	to	interact.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Storage	server Indexing	server
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
…
…
Images
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
latest
D.R.	-	How	registry	storage	the	images?
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e
14dc6b5
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
D.R.	-	Attacks	:	Upload	non	accessible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
D.R.	-	Attacks	:	Upload	non	accessible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
¡	Demo	time	!
Uploading	files	that	only	you	
can	download…
D.R.	-	Attacks	:	Upload	non	accesible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	Attacks	:	Replace	remote	images
latest
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	Attacks	:	Replace	remote	images
latest
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
latest
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
CONCLUSIONS
The	conclusion	is	simple:	give	me	your	
money	and	avoid	intermediaries
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WE	NEED	TO	INVOKE	
SECURITY!
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
BUILD	BEST	PRACTICES
• Do	not	trust	name	or	tags,	use	digests	instead	in	FROM	declarations.
• Always	check	the	integrity	of	anything	downloaded	in	build	time.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
REGISTRY	SECURIZATION
• Implement	some	of	the	available	authN/authZ	
options.	
• Limit	the	exposure,	the	best	case	scenario	is	
where	only	the	build	servers	are	allowed	to	push	
images	to	registries	
• Implement	signing	(https://github.com/docker/
notary)	and	don't	execute	unsigned	images.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
RUNTIME	PROTECTION
• Don't	execute	images	with	excessive	privileges	(--
privileged	flag,	added	capabilities,	disabled	
namespaces,	etc)	
• Use	native	docker	supported	custom	security	
profiles	for	your	containers	(Seccomp,Selinux/
Apparmor)	
• Use	dynamic	analysis	tools	to	create	behavioural	
profiles	of	the	containers	and	monitor	any	suspect	
change	in	the	container	activity.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Be	careful….
…there	is	always	someone	watching
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Questions
?
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Thank	you!

More Related Content

What's hot

DockerとDocker Hubの操作と概念
DockerとDocker Hubの操作と概念DockerとDocker Hubの操作と概念
DockerとDocker Hubの操作と概念
Masahito Zembutsu
 
Docker道場「Dockerの基本概念」0825インフラ勉強会資料
Docker道場「Dockerの基本概念」0825インフラ勉強会資料Docker道場「Dockerの基本概念」0825インフラ勉強会資料
Docker道場「Dockerの基本概念」0825インフラ勉強会資料
Masahito Zembutsu
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較
Akihiro Suda
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
Kohei Tokunaga
 
初心者向けMongoDBのキホン!
初心者向けMongoDBのキホン!初心者向けMongoDBのキホン!
初心者向けMongoDBのキホン!
Tetsutaro Watanabe
 
5ステップで始めるPostgreSQLレプリケーション@hbstudy#13
5ステップで始めるPostgreSQLレプリケーション@hbstudy#135ステップで始めるPostgreSQLレプリケーション@hbstudy#13
5ステップで始めるPostgreSQLレプリケーション@hbstudy#13
Uptime Technologies LLC (JP)
 
Dockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルDockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクル
Masahito Zembutsu
 
Zaim 500万ユーザに向けて〜Aurora 編〜
Zaim 500万ユーザに向けて〜Aurora 編〜Zaim 500万ユーザに向けて〜Aurora 編〜
Zaim 500万ユーザに向けて〜Aurora 編〜
Wataru Nishimoto
 
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
NTT DATA Technology & Innovation
 
What is Docker Architecture | Edureka
What is Docker Architecture | EdurekaWhat is Docker Architecture | Edureka
What is Docker Architecture | Edureka
Edureka!
 
WiredTigerを詳しく説明
WiredTigerを詳しく説明WiredTigerを詳しく説明
WiredTigerを詳しく説明
Tetsutaro Watanabe
 
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Web Services Japan
 
MongoDBが遅いときの切り分け方法
MongoDBが遅いときの切り分け方法MongoDBが遅いときの切り分け方法
MongoDBが遅いときの切り分け方法
Tetsutaro Watanabe
 
Flyway使いたい
Flyway使いたいFlyway使いたい
Flyway使いたい
fourside
 
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
Shuji Kikuchi
 
あなたの知らないPostgreSQL監視の世界
あなたの知らないPostgreSQL監視の世界あなたの知らないPostgreSQL監視の世界
あなたの知らないPostgreSQL監視の世界
Yoshinori Nakanishi
 
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdfわたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
ssuser868e2d
 
Java EE 8新機能解説 -Bean Validation 2.0編-
Java EE 8新機能解説 -Bean Validation 2.0編-Java EE 8新機能解説 -Bean Validation 2.0編-
Java EE 8新機能解説 -Bean Validation 2.0編-
Masatoshi Tada
 
LINEのMySQL運用について 修正版
LINEのMySQL運用について 修正版LINEのMySQL運用について 修正版
LINEのMySQL運用について 修正版
LINE Corporation
 
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまでLINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
LINE Corporation
 

What's hot (20)

DockerとDocker Hubの操作と概念
DockerとDocker Hubの操作と概念DockerとDocker Hubの操作と概念
DockerとDocker Hubの操作と概念
 
Docker道場「Dockerの基本概念」0825インフラ勉強会資料
Docker道場「Dockerの基本概念」0825インフラ勉強会資料Docker道場「Dockerの基本概念」0825インフラ勉強会資料
Docker道場「Dockerの基本概念」0825インフラ勉強会資料
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
 
初心者向けMongoDBのキホン!
初心者向けMongoDBのキホン!初心者向けMongoDBのキホン!
初心者向けMongoDBのキホン!
 
5ステップで始めるPostgreSQLレプリケーション@hbstudy#13
5ステップで始めるPostgreSQLレプリケーション@hbstudy#135ステップで始めるPostgreSQLレプリケーション@hbstudy#13
5ステップで始めるPostgreSQLレプリケーション@hbstudy#13
 
Dockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルDockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクル
 
Zaim 500万ユーザに向けて〜Aurora 編〜
Zaim 500万ユーザに向けて〜Aurora 編〜Zaim 500万ユーザに向けて〜Aurora 編〜
Zaim 500万ユーザに向けて〜Aurora 編〜
 
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
PostgreSQLのロール管理とその注意点(Open Source Conference 2022 Online/Osaka 発表資料)
 
What is Docker Architecture | Edureka
What is Docker Architecture | EdurekaWhat is Docker Architecture | Edureka
What is Docker Architecture | Edureka
 
WiredTigerを詳しく説明
WiredTigerを詳しく説明WiredTigerを詳しく説明
WiredTigerを詳しく説明
 
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)
 
MongoDBが遅いときの切り分け方法
MongoDBが遅いときの切り分け方法MongoDBが遅いときの切り分け方法
MongoDBが遅いときの切り分け方法
 
Flyway使いたい
Flyway使いたいFlyway使いたい
Flyway使いたい
 
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
[AKIBA.AWS] NLBとPrivateLinkの仕様に立ち向かう
 
あなたの知らないPostgreSQL監視の世界
あなたの知らないPostgreSQL監視の世界あなたの知らないPostgreSQL監視の世界
あなたの知らないPostgreSQL監視の世界
 
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdfわたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
わたくし、やっぱりCDKを使いたいですわ〜CDK import編〜.pdf
 
Java EE 8新機能解説 -Bean Validation 2.0編-
Java EE 8新機能解説 -Bean Validation 2.0編-Java EE 8新機能解説 -Bean Validation 2.0編-
Java EE 8新機能解説 -Bean Validation 2.0編-
 
LINEのMySQL運用について 修正版
LINEのMySQL運用について 修正版LINEのMySQL運用について 修正版
LINEのMySQL運用について 修正版
 
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまでLINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
LINE LIVE のチャットが
30,000+/min のコメント投稿を捌くようになるまで
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
Startit
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
msyukor
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Rui Quintino
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
Docker, Inc.
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
Jeremy Brown
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Roberto Hashioka
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
The Incredible Automation Day
 
Golab.io
Golab.ioGolab.io
Golab.io
r3vit
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
borjaburgos
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
OWASP Delhi
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
Deep Shankar Yadav
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
ssarabadani
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
Mathias Renner
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
Jan Klat
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
Daniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
Docker, Inc.
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
dotCloud
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
Christian Beedgen
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
Roberto Messora
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images (20)

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
 
Golab.io
Golab.ioGolab.io
Golab.io
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
 

More from Daniel Garcia (a.k.a cr0hn)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Daniel Garcia (a.k.a cr0hn)
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your  CI / CD12 tricks to avoid hackers breaks your  CI / CD
12 tricks to avoid hackers breaks your CI / CD
Daniel Garcia (a.k.a cr0hn)
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
Daniel Garcia (a.k.a cr0hn)
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
Daniel Garcia (a.k.a cr0hn)
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Daniel Garcia (a.k.a cr0hn)
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
Daniel Garcia (a.k.a cr0hn)
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
Daniel Garcia (a.k.a cr0hn)
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
Daniel Garcia (a.k.a cr0hn)
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Daniel Garcia (a.k.a cr0hn)
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
Daniel Garcia (a.k.a cr0hn)
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Daniel Garcia (a.k.a cr0hn)
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
Daniel Garcia (a.k.a cr0hn)
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
Daniel Garcia (a.k.a cr0hn)
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
Daniel Garcia (a.k.a cr0hn)
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
Daniel Garcia (a.k.a cr0hn)
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
Daniel Garcia (a.k.a cr0hn)
 

More from Daniel Garcia (a.k.a cr0hn) (20)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your  CI / CD12 tricks to avoid hackers breaks your  CI / CD
12 tricks to avoid hackers breaks your CI / CD
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Cybercam 2014
 
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
 

Recently uploaded

Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
rajancomputerfbd
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
digitalxplive
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
Priyanka Aash
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 

Recently uploaded (20)

Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images