Your Cart

15 minute recap of a Defcon Talk on Containers

The talk is  “An Attacker Looks at Docker: Approaching Multi-Container Applications by Wesley McGrew and can be found here.

My presentation at TASK

Google Slides – create and edit presentations online, for free.
Create a new presentation and edit with others at the same time. Get stuff done with or without an internet connection. Use Slides to edit PowerPoint files. Free from Google.

Summary of the Content

What is Docker?

  • Docker is a tool designed to make it easier to create, deploy, and run applications by using containers
  • Containers – a standardized unit of software
  • Essentially a config file for virtual machines
  • Lightweight, easy to share, easy to deploy

Basic Docker Configuration

  • Containerization allows for the design of applications that are composed of many independent single-purpose services eg. microservices
  • Each multi-container docker setup creates a network with all the dependant containers safely nested inside
  • Container images are usually pulled from a registry
  • Specific ports are exposed to the public
  • Set the user permissions and start script

Looking at Docker from the Red

Multi-container applications have their own networks and are possibly shared with other applications

  • Monolithic – Specific knowledge of the platform is required
  • Multi-container – Leverage system/network-level post-exploitation and sniffing tools
  • Docker inherently trusts the internal network by default
  • This gives an attacker many opportunities to pivot once they’re in

Exploiting Multi-container Systems

  • The attack begins by exploiting a single service
  • Once you have access to one container, you can now scan the rest of the network
  • Similar to examining an internal network
  • NMAP or any equivalent tool can scan for any hidden services
  • You can then use your container to expose a hidden service


  • Docker images are usually not default server installations
  • Stripped version of most of the popular Linux flavours
  • Getting a scanner onto very slim images can be difficult
  • Getting anything onto these images can be difficult
  • Docker has no fingerprint when looking at it from the outside



  • Existing networking skills can be used
  • Containers should not be trusted
  • Having a basic understanding of new technologies can go a long way
  • The trendy/new thing is not that new
  • Docker is actually pretty cool