Our Docker App Got Hacked - Now What
Offered By: YouTube
Course Description
Overview
Explore the aftermath of a Docker app hack in this BSidesRDU 2018 conference talk. Dive into the anatomy of Docker containers, learn live and cold capture techniques, and understand image listing and metadata analysis. Examine container metadata, disk content, and anticipated layers. Investigate storage backends like Overlay2 and DeviceMapper, discovering how to find container storage and access individual layers. Follow along with practical examples, including mounting layers and conducting further analysis. Gain valuable insights into post-hack forensics and containment strategies for Docker environments.
Syllabus
Intro
GOALS
ANATOMY
LIVE CAPTURE
COLD CAPTURE
IMAGE LISTING
IMAGE METADATA
CONTAINER METADATA
WHAT ABOUT DISK CONTENT?
ANTICIPATED LAYERS
STORAGE BACKEND: OVERLAY2
FINDING CONTAINER STORAGE
CONTAINER R/W LAYER
TOP IMAGE LAYER
RAW OVERLAYFS
WHAT ABOUT THE DURIAN?
EASY BUTTON!
STORAGE BACKEND: DEVICEMAPPER
THIN POOL DEVICES
ACCESSING A LAYER
MOUNTING THE LAYER
FURTHER ANALYSIS
SUMMARY
EXAMPLE CONTAINER