Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Attacking Docker Containers by Satheesh Kumar Varatharajan
Note: The session details including schedule are available below.

Workshop Objective:

To introduce Docker to security professionals and help them understand how it works,
How we as security professionals can use Docker during our engagements and save time.
How we could attack Docker

Table of Contents:

• Introduction to Docker 
• How Docker works
• Running Basic docker commands
    ◦ docker pull
    ◦ docker images
    ◦ docker run 
    ◦ docker exec
• How to write a Dockerfile
• Docker compose
• Scanning docker images for security vulnerabilties using tools
• Attacking Docker
    ◦ Enumerating Docker containers
    ◦ Using code execution to gain access to host machine
        ▪ Using docker.sock file mounted on host machine
        ▪ Adding user to host machine leveraging volume mount misconfiguration
    ◦ Case study of CVE-2019-5736
• Hardening Docker


1. Comfortable using basic linux commands
2. Comfortable using bind and reverse shell

Software Pre-requisites:

 Attendees must ensure that they have following, 
1. Working AWS account to create EC2 instance under free tier
2. If using a Windows machine have SSH client installed and ensure that you could connect to the AWS EC2 instance.
3. Laptop with working internet connection as the venue might not provide internet connetion.

Additional Information:

Please ensure that you have a working AWS account and internet connection.

If you have any problems with your AWS account please get in touch with the AWS support team and have your account activated.

Date Saturday May 11 2019
Chapter Bangalore
Registrations 48
Max Registrations 50
Event Type Invite Only
Start Time 09:30 AM
End Time 03:30 PM

Session Schedule

Name Speaker Start Time End Time Resources
Attacking Docker Containers Satheesh Kumar Varatharajan 09:30 AM 03:30 PM


This is an invite only event. If you are selected you will receive further information via e-mail.