https://i.blackhat.com/USA-19/Thursday/us-19-Edwards-Compendium-Of-Container-Escapes-up.pdf

https://sec.vnpt.vn/2023/07/container-breakout-overview/

https://takahiro-oda.medium.com/docker-security-an-overview-of-docker-security-essentials-4a536e485729

https://viblo.asia/p/co-hang-ngan-bi-mat-duoc-giau-trong-docker-hub-yZjJYGGDVOE

leak credentials from dockerhub

https://r2nw.github.io/posts/ASCIS2023WARMUP/

`sudo docker run --user root <image name>`

`docker image save 7b1425204c8d -o flag`

`https://0xdf.gitlab.io/2018/09/22/htb-olympus.html#pivot-to-hades--olympus---shell-as-prometheus`

```
# mount the host root filesystem into the container at /hostOS
docker run -v /:/hostOS -i -t rodhes bash
```

https://systemweakness.com/busqueda-hack-the-box-964fed1515a6

```
docker container ls --format='{{json .}}'
docker inspect --format='{{json .}}' mysql_db
```

https://vmtien.id.vn/tim-hieu-10-cach-tan-cong-ci-cd-thong-qua-ctf-phan-1/

https://vmtien.id.vn/chien-luoc-backup-3-2-1/

https://vmtien.id.vn/github-actions-tinh-nang-huu-ich-tiem-an-rui-ro/

read later

https://www.kitploit.com/2024/04/adokit-azure-devops-services-attack.html?m=1

https://github.com/cider-security-research

https://github.com/courselabs/devsecops?tab=readme-ov-file

https://devsecops.courselabs.co/

DevOps studying

https://github.com/100daysofdevops/100daysofdevops

https://www.youtube.com/@elroydevops/videos

# Hardening

https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/

Lynis: tool to secure Docker

Docker Bench for Security

EvilDockerfile

If someone pushes an older version of the software to the Docker repository and tags it as `latest`, users downloading the image with the `latest` tag will receive this older version.

Automatic image scanning

```
curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json | jq .
```

Retrieving the list of running containers.
https://medium.com/@SecurityArchitect/hardening-container-images-best-practices-and-examples-for-docker-e941263cab13

https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation

CUT - DevSecOps pipeline | Implementing a practical DevSecOps process

https://www.youtube.com/watch?v=PFdNmA2y9go

https://medium.com/@DevSec0ps/ci-cd-and-build-security-tryhackme-thm-write-up-walkthrough-c672b7762cf9