Description
In this course, you will learn:
- Fundamentals of Docker Images and Containers.
- How to create your first Docker image.
- How to start your first Docker container.
- Fundamentals of Container Security.
- Using automated tools to audit Docker containers.
- Docker Security Fundamentals for Penetration Testers.
- Common container misconfigurations.
- Container security principles for DevSecOps pipelines.
- This course falls within the categories: cyber security, ethical hacking, and information security.
Syllabus:
1. Fundamentals of Docker
- What is Docker?
- Virtual Machines vs Containers
- Virtual Machine Download
- Lab setup
- Building your first Docker Image
- Running your first Docker container
- Images vs Containers
- How Docker Images are stored locally
- Namespaces
2. Hacking Docker Containers
- Docker Attack Surface
- Exploiting vulnerable images
- Backdooring Docker Images
- Privilege Escalation
- Container breakout- Introduction
- Introduction to docker.sock
- Container escape using docker.sock
- Introduction to --privileged flag
- Writing to kernel space from a container
- Writing to kernel space to get a reverse shell
- Accessing Docker Secrets
3. Automated Assessments
- Scanning Docker Images
- Auditing the environment using Docker Bench Security
4. Defenses
- Apprarmor profiles
- Seccomp profiles
- Capabilities
- Docker Content Trust