Containers for Pentesters
About Me
- Ex-Pentester/IT Security person
- Senior Security Advocate at Datadog
- CIS Benchmark author, Docker and Kubernetes
- Member of Kubernetes SIG-Security & CNCF TAG-Security
What's a container then?
Demo
What Does Docker do?
Demo
Docker Desktop
An important Aside : Docker Security model
docker run -ti --privileged --net=host --pid=host --ipc=host --volume /:/host busybox chroot /host
Demo
Why do we need these things as pentesters?
VM vs Container
Docker Hub
Make your own Images
Tool specific
vs
Kitchen Sink
Choosing a base distro
- Scratch
- Alpine
- Debian/Ubuntu
- Red Hat
- Not CentOS*
Dockerfile Basics - Single command image
FROM ubuntu:22.04 RUN apt update && apt install -y nmap && apt-get clean ENTRYPOINT ["nmap"]
Demo - Using the Basic image
docker build -t nmap -f Dockerfile.nmap .
docker run --net=host nmap -v -n -sT 127.0.0.1
Root vs Non-Root
Trick - Getting root back in non-root envs
FROM ubuntu:22.04
RUN cp /bin/bash /bin/setuidbash && chmod 4755 /bin/setuidbash
RUN adduser tester
USER tester
CMD ["/bin/bash"]
Getting Data in and out of containers
docker run -it -v ~/testdata:/testdata [image] /bin/bash
Conclusion
- Containers are quite easy to use once you understand what they do.
- Very helpful for keeping tool envs clean
- Very helpful for jobs that use Kubernetes
Resources and Links
- https://github.com/raesene/alpine-containertools - Example kitchen sink image!
- https://github.com/raesene/dockerized-security-tools - Example Tool specific images (old)
- https://securitylabs.datadoghq.com - Blog series on container security fundamentals
- https://container-security.site - General container security resources
- https://talks.container-security.site - Archive of Container/Cloud Native security talks
Thanks
- E-Mail: rory.mccune@datadoghq.com
- Mastodon: @raesene@infosec.exchange
- Twitter: @raesene
Containers for Pentesters
{"metaMigratedAt":"2023-06-18T02:53:31.448Z","metaMigratedFrom":"YAML","title":"Containers for Pentesters","breaks":false,"description":"Containers for Pentesters As a pentester,red teamer,general security person, there’s often the need to use a lot of tools to get the job done, and often a need for different environments for different customers. Traditionally this kind of requirement has been managed by using Virtual Machines to create isolated environments, but keeping those VMs updated with patches and storing them can be a bit of a pain. However, there is another way! Containers can be used to create regularly updated, isolated environments for running tools with less resource overhead than VMs. This talk will explain a bit about how containers work, and go through the tricks and tips of using them for security work.","slideOptions":"{\"theme\":\"blood\",\"allottedMinutes\":30}","contributors":"[{\"id\":\"d371f3af-4727-4a8c-863f-ebcf30897cef\",\"add\":8827,\"del\":2828}]"}