SlideShare a Scribd company logo
Docker Might not be your friend
Trojanizing Docker like a Sir
Roberto	Muñoz	(robsky)	-	@skyeinthewildDaniel	García	(cr0hn)	-	@ggdaniel
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
<spam>About	Us</spam>
• Creator/co-creator	many	security	tools	
• Security	researcher	/	ethical	hacking	
• Chapter	Leader	OWASP	Madrid	
• Python	developer
https://www.linkedin.com/in/garciagarciadaniel
https://www.linkedin.com/in/roberto-muñoz-fernández-8389a313/
• SecDevOPs	
• Security	researcher	
• Former	 BOFH	 (Because	 even	 developers	
need	heroes)
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
What’s	this	talk	about?
1. What’s	Docker	
2. The	Docker	environment	
3. What’s	a	C.I.	/	C.D.	cycle?	
4. Dissecting	Docker	images	
5. Abusing	Docker	registry?	
6. Conclusions
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
What’s	this	talk	about?
1. What’s	Docker	
2. The	Docker	environment	
3. What’s	a	C.I.	/	C.D.	cycle?	
4. Dissecting	Docker	images	
5. Abusing	Docker	registry?	
6. Conclusions
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WHAT’S	DOCKER?
If	you	feel	like	the	monkeys	of	
2001	odyssey,	this	is	chapter	is	
important	to	you
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	A	brief	definition
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	A	brief	definition
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
IS NOT
VIRTUALIZATION
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Docker	vs	VM
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Dockerfile Image Container
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
But similar
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	Docker	-	Parts
Different
But similar
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
THE	DOCKER	ENVIRONMENT
Neighbourhood	colleagues
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Registry
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Registry Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry
Docker	Image	builder
Docker	Orchestrators
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	environment
Docker	Host
Docker	Registry
Docker	Image	builder
Docker	Orchestrators
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WHAT’S	A	C.I.	/	C.D	CYCLE?
Ensure	that	your	boss	does	not	see	this,	
he	could	realise	that	you	are	not	really	
necessary….	fired!	fired!	fired!
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Summary	-	Definitions
1. Continuous Integration - C.I:
“Is the practice of merging all developer working
copies to a shared mainline several times a day.”
2.Continuous Deployment - C.D:
“Is a software engineering approach in which
teams produce software in short cycles,
ensuring that the software can be reliably
released at any time.”
Source Wikipedia
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I	-	Classic	cycle
Very manual process
Restart the process
is hard
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	-	New	approach
https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
C.I.	+	C.D.	-	New	approach	with	Docker
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Image	builder
C.I.	+	C.D.	-	New	approach	with	Docker
Docker	Host Docker	Registry
Orchestrator
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
DISSECTING	DOCKER	IMAGES
Shut	up	and	tell	me	how	I	can	break	it	
down
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
What’s	a	docker	image?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Global	Metadata
Global	metadata	JSON	file
• Global	info	about	image	
• Modification	history	
• A	SHA256	hash	of	each	layer.	
Stored	in	order.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Manifest
Manifest	file
• A	reference	to	global	config	
file.	
• List	of	tags	for	the	image.	
• List	of	layers.	IN	ORDER
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Repositories
Repositories
• Repository	witch	belong	the	
image.	
• Repository	tags	available.	
• A	reference	to	the	last	layer.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layers
Image	layers
• A	docker	image	can	contains	
any	number	of	layers	
• Each	layer	has	their	own	
folder.	
• Each	layer	has	3	files:	
• json	
• layer.tar	
• VERSION
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
• Layer	version
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Layer	content
• Layer	metadata	
• Reference	to	the	parent	layer
• Layer	version
• Folders	/	files	
• Incremental	file	system
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	image	parts	-	Extracting	content
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Why?
• Change	environment	vars	
• Change	Entry	Point	
• Add	new/modify	files	
• Analyse	the	image	
• Extract	the	content
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
The	layer	hash	is	referenced	in	
many	places
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Manifest	/	Metadata	only	meet	
the	layer	hash
The	layer	hash	is	referenced	in	
many	places
A	tiny	change	in	a	layer	content	
implies	many	changes	in	many	
files.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Problems
We	need	to	update	the	
references	and	metadata
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Manipulating	Docker	images	-	Attacks
LD_PRELOAD
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker Scan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
https://github.com/cr0hn/dockerscan	
Docker Scan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
¡	Demo	time	!
Trojanizing	Docker	Images	with	
Docker	Scan
Manipulating	Docker	images	-	Attacks
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
ABUSING	DOCKER	REGISTRY?
Yes,	we	love	break	things…
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Docker	Registry	(D.R)	-	Brief	summary
• Storage	docker	images.	
• Index	the	images	hashes	
• Create	 a	 logical	 structure	 to	 locate	
docker	images:	repository/image:tag	
• Exposes	a	REST	API	to	interact.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage
Storage	server Indexing	server
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
…
…
Images
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	How	registry	storage	the	images?
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
latest
D.R.	-	How	registry	storage	the	images?
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
SHA256:	
f94a86523746be32e7981681172198717edd94333d263b1f64228a41e
14dc6b5
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	As	image	storage	:	Upload	process
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
D.R.	-	Attacks	:	Upload	non	accessible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Client Docker	Registry
I	want	upload	the	image:	minion
Oks.	Here	is	your	upload	Path
Uploading…
Add	the	tag:	Latest
minion :Latest
D.R.	-	Attacks	:	Upload	non	accessible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
¡	Demo	time	!
Uploading	files	that	only	you	
can	download…
D.R.	-	Attacks	:	Upload	non	accesible	files
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	Attacks	:	Replace	remote	images
latest
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	Attacks	:	Replace	remote	images
latest
1.1.10
1.11.10-alpine
1.10.3-alpine
…
…
…
Images Tags
latest
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
D.R.	-	A	short	search	in	Shodan
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
CONCLUSIONS
The	conclusion	is	simple:	give	me	your	
money	and	avoid	intermediaries
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
WE	NEED	TO	INVOKE	
SECURITY!
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
BUILD	BEST	PRACTICES
• Do	not	trust	name	or	tags,	use	digests	instead	in	FROM	declarations.
• Always	check	the	integrity	of	anything	downloaded	in	build	time.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
REGISTRY	SECURIZATION
• Implement	some	of	the	available	authN/authZ	
options.	
• Limit	the	exposure,	the	best	case	scenario	is	
where	only	the	build	servers	are	allowed	to	push	
images	to	registries	
• Implement	signing	(https://github.com/docker/
notary)	and	don't	execute	unsigned	images.
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
RUNTIME	PROTECTION
• Don't	execute	images	with	excessive	privileges	(--
privileged	flag,	added	capabilities,	disabled	
namespaces,	etc)	
• Use	native	docker	supported	custom	security	
profiles	for	your	containers	(Seccomp,Selinux/
Apparmor)	
• Use	dynamic	analysis	tools	to	create	behavioural	
profiles	of	the	containers	and	monitor	any	suspect	
change	in	the	container	activity.
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Be	careful….
…there	is	always	someone	watching
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Questions
?
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Docker	might	not	be	your	friend	-	Trojanizing	Docker	like	a	Sir
Daniel	García	(cr0hn)	-	@ggdaniel	|	Roberto	Muñoz	(robskye)	-	@skyeinthewild
Thank	you!

More Related Content

What's hot

Docker
DockerDocker
Microsoft Azure Storage 概要
Microsoft Azure Storage 概要Microsoft Azure Storage 概要
Microsoft Azure Storage 概要
Takeshi Fukuhara
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
Amazon Web Services
 
AWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormationAWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormation
Amazon Web Services Japan
 
【JAWS DAYS 2016】ランサーズを支えるAurora
【JAWS DAYS 2016】ランサーズを支えるAurora【JAWS DAYS 2016】ランサーズを支えるAurora
【JAWS DAYS 2016】ランサーズを支えるAurora
Yuki Kanazawa
 
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
日本マイクロソフト株式会社
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Aditya Konarde
 
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
Junji Nishihara
 
Docker intro
Docker introDocker intro
Docker intro
Oleg Z
 
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
Amazon Web Services Japan
 
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
Amazon Web Services Japan
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with docker
Bangladesh Network Operators Group
 
AWSのEC2の複数インスタンスからファイルを共有する方法
AWSのEC2の複数インスタンスからファイルを共有する方法AWSのEC2の複数インスタンスからファイルを共有する方法
AWSのEC2の複数インスタンスからファイルを共有する方法
聡 大久保
 
[AWS Migration Workshop] 데이터베이스를 AWS로 손쉽게 마이그레이션 하기
[AWS Migration Workshop]  데이터베이스를 AWS로 손쉽게 마이그레이션 하기[AWS Migration Workshop]  데이터베이스를 AWS로 손쉽게 마이그레이션 하기
[AWS Migration Workshop] 데이터베이스를 AWS로 손쉽게 마이그레이션 하기
Amazon Web Services Korea
 
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
Amazon Web Services Japan
 
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Web Services Japan
 
CIデモ環境 構築手順書
CIデモ環境 構築手順書CIデモ環境 構築手順書
CIデモ環境 構築手順書
VirtualTech Japan Inc.
 
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
Masaya Tahara
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Edureka!
 
AWSで実現するバックアップとディザスタリカバリ
AWSで実現するバックアップとディザスタリカバリAWSで実現するバックアップとディザスタリカバリ
AWSで実現するバックアップとディザスタリカバリ
Amazon Web Services Japan
 

What's hot (20)

Docker
DockerDocker
Docker
 
Microsoft Azure Storage 概要
Microsoft Azure Storage 概要Microsoft Azure Storage 概要
Microsoft Azure Storage 概要
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
AWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormationAWS Black Belt Online Seminar 2016 AWS CloudFormation
AWS Black Belt Online Seminar 2016 AWS CloudFormation
 
【JAWS DAYS 2016】ランサーズを支えるAurora
【JAWS DAYS 2016】ランサーズを支えるAurora【JAWS DAYS 2016】ランサーズを支えるAurora
【JAWS DAYS 2016】ランサーズを支えるAurora
 
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
【de:code 2020】 クラウド時代のデータ保護とリスク管理を支援する Microsoft 365 コンプライアンス ソリューションのご紹介
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
"Kong Summit, Japan 2022" パートナーセッション:Kong on AWS で実現するスケーラブルな API 基盤の構築
 
Docker intro
Docker introDocker intro
Docker intro
 
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
Amazon SageMaker 推論エンドポイントを利用したアプリケーション開発
 
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with docker
 
AWSのEC2の複数インスタンスからファイルを共有する方法
AWSのEC2の複数インスタンスからファイルを共有する方法AWSのEC2の複数インスタンスからファイルを共有する方法
AWSのEC2の複数インスタンスからファイルを共有する方法
 
[AWS Migration Workshop] 데이터베이스를 AWS로 손쉽게 마이그레이션 하기
[AWS Migration Workshop]  데이터베이스를 AWS로 손쉽게 마이그레이션 하기[AWS Migration Workshop]  데이터베이스를 AWS로 손쉽게 마이그레이션 하기
[AWS Migration Workshop] 데이터베이스를 AWS로 손쉽게 마이그레이션 하기
 
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
20201118 AWS Black Belt Online Seminar 形で考えるサーバーレス設計 サーバーレスユースケースパターン解説
 
Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)Amazon Aurora Deep Dive (db tech showcase 2016)
Amazon Aurora Deep Dive (db tech showcase 2016)
 
CIデモ環境 構築手順書
CIデモ環境 構築手順書CIデモ環境 構築手順書
CIデモ環境 構築手順書
 
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
「DevSecOpsとは?」の一歩先 (CloudNative Days Tokyo 2021)
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
 
AWSで実現するバックアップとディザスタリカバリ
AWSで実現するバックアップとディザスタリカバリAWSで実現するバックアップとディザスタリカバリ
AWSで実現するバックアップとディザスタリカバリ
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
Startit
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
msyukor
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Rui Quintino
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
Docker, Inc.
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
Jeremy Brown
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Roberto Hashioka
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
The Incredible Automation Day
 
Golab.io
Golab.ioGolab.io
Golab.io
r3vit
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
borjaburgos
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
OWASP Delhi
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
Deep Shankar Yadav
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
ssarabadani
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
Mathias Renner
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
Jan Klat
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
Daniel Palstra
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
dotCloud
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
Docker, Inc.
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
Christian Beedgen
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
Roberto Messora
 

Similar to RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images (20)

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
 
Golab.io
Golab.ioGolab.io
Golab.io
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
 

More from Daniel Garcia (a.k.a cr0hn)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
Daniel Garcia (a.k.a cr0hn)
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your  CI / CD12 tricks to avoid hackers breaks your  CI / CD
12 tricks to avoid hackers breaks your CI / CD
Daniel Garcia (a.k.a cr0hn)
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
Daniel Garcia (a.k.a cr0hn)
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
Daniel Garcia (a.k.a cr0hn)
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
Daniel Garcia (a.k.a cr0hn)
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Daniel Garcia (a.k.a cr0hn)
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
Daniel Garcia (a.k.a cr0hn)
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
Daniel Garcia (a.k.a cr0hn)
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
Daniel Garcia (a.k.a cr0hn)
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Daniel Garcia (a.k.a cr0hn)
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
Daniel Garcia (a.k.a cr0hn)
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Daniel Garcia (a.k.a cr0hn)
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
Daniel Garcia (a.k.a cr0hn)
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
Daniel Garcia (a.k.a cr0hn)
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
Daniel Garcia (a.k.a cr0hn)
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
Daniel Garcia (a.k.a cr0hn)
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
Daniel Garcia (a.k.a cr0hn)
 

More from Daniel Garcia (a.k.a cr0hn) (20)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your  CI / CD12 tricks to avoid hackers breaks your  CI / CD
12 tricks to avoid hackers breaks your CI / CD
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Cybercam 2014
 
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
 

Recently uploaded

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 

Recently uploaded (20)

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images