YoVDO

The COW - Container On Windows Who Escaped the Silo

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Virtualization Courses Cloud Services Courses Windows Containers Courses Container Security Courses

Course Description

Overview

Explore the security implications of Windows process-isolated containers in this Black Hat conference talk. Delve into the foundations of cloud services, focusing on virtualization and container isolation. Examine how Windows isolates container processes and filesystems, and prevents containers from executing potentially harmful syscalls. Investigate the implementation of Ntoskrnl using server silos and job objects. Discover answers to critical questions about container isolation and potential attacker capabilities. Learn about past vulnerabilities, anti-system debugging techniques, UEFI, and NVM. Conclude with a demonstration and discussion of mitigation strategies for enhanced container security.

Syllabus

Introduction
Containers
User flag
Past vulnerabilities
Trivia
AntiSystem Debug
UEFI
NVM
Demo
Mitigation


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube