Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
# Containers
---------------------
## Table of contents
- []()
- []()
- []()
- []()
--------------------
* [Static Analysis of Docker image vulnerabilities with Clair - Petr Kohut](https://www.nearform.com/blog/static-analysis-of-docker-image-vulnerabilities-with-clair/)
* [Docker Security Best Practices: Part 3 – Securing Container Images - Jeremy Valance](https://anchore.com/docker-security-best-practices-part-3-securing-container-images/)
* [How to implement Docker image scanning with open source tools - Mateo Burillo](https://sysdig.com/blog/docker-image-scanning/)
https://www.digitalocean.com/community/tutorials/an-introduction-to-kubernetes
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf
http://blog.sevagas.com/IMG/pdf/exploiting_capabilities_the_dark_side.pdf
https://blog.hansenpartnership.com/containers-and-cloud-security/
https://github.com/gravitational/gravity
https://github.com/rexray/rexray
https://wiki.unraid.net/UnRAID_6/Overview#Containers
* [How to Lose a Container in 10 Minutes - Sarah Young(BSidesSF 2019)](https://www.youtube.com/watch?v=fSj6_WgDATE&list=PLbZzXF2qC3RvGRbNQwKcf2KVaTCjzOB8o&index=4)
    * Moving to the cloud and deploying containers? In this talk I will discuss both the mindset shift and tech challenges, with some common mistakes made in real-life deployments with some real life (albeit redacted) examples. We'll also look at what happens to a container that's been left open to the Internet for the duration of the talk.
Understanding and Hardening Linux Containers - NCCGroup
https://storageos.com/why-containers-miss-a-major-mark-solving-persistent-data-in-docker/
https://blog.appsecco.com/analysing-and-exploiting-kubernetes-apiserver-vulnerability-cve-2018-1002105-3150d97b24bb?gi=da5afbcc2d73
https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf
https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/
https://www.reddit.com/r/docker/comments/439a8h/exploiting_your_system_using_docker/
https://github.com/ProfessionallyEvil/harpoon
https://github.com/P3GLEG/Whaler
https://samaritan.ai/blog/reversing-docker-images-into-dockerfiles/
http://ifeanyi.co/posts/linux-namespaces-part-1/
http://ifeanyi.co/posts/linux-namespaces-part-2/
* [Docker Your Command & Control (C2) - obscuritylabs](https://blog.obscuritylabs.com/docker-command-controll-c2/)
* [Vulnerable Docker VM - notsosecure](https://www.notsosecure.com/vulnerable-docker-vm/)
http://www.friedhoff.org/posixfilecaps.html
https://www.redhat.com/en/blog/architecting-containers-part-1-why-understanding-user-space-vs-kernel-space-matters
Mesos
https://stackoverflow.com/questions/47769570/what-does-apache-mesos-do-that-kubernetes-cant-do-and-vice-versa?rq=1
https://stackoverflow.com/questions/26705201/whats-the-difference-between-apaches-mesos-and-googles-kubernetes?noredirect=1
https://stackoverflow.com/questions/28094147/what-does-apache-mesos-actually-do
http://mesos.apache.org/documentation/latest/architecture/
http://mesos.apache.org/documentation/latest/
https://en.wikipedia.org/wiki/Apache_Mesos
https://null-byte.wonderhowto.com/how-to/create-reusable-burner-os-with-docker-part-1-making-ubuntu-hacking-container-0175328/
https://null-byte.wonderhowto.com/how-to/create-reusable-burner-os-with-docker-part-2-customizing-our-hacking-container-0175353/
https://blog.docker.com/2017/09/day-life-docker-admin/
Peter Benjamin's blogposts
https://www.youtube.com/playlist?list=PLKDRii1YwXnLmd8ngltnf9Kzvbja3DJWx
http://carnal0wnage.attackresearch.com/2019/01/kubernetes-master-post.html?m=1
https://www.youtube.com/watch?v=fVqCAUJiIn0&feature=youtu.be
https://www.youtube.com/watch?v=UwBshgfnAGA
https://www.youtube.com/watch?v=ru7GicI5iyI
https://docs.google.com/presentation/d/1u6S1ycs8DURORf6S9XYKjP56oszJpouOca6xlkH9ILs/edit#slide=id.p
https://cloud.google.com/solutions/best-practices-for-operating-containers
https://sysdig.com/blog/oss-container-security-runtime/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/tools-and-methods-for-auditing-kubernetes-rbac-policies/
http://sven.stormbind.net/blog/posts/docker_from_30_to_230/
[Docker]
https://zeltser.com/security-risks-and-benefits-of-docker-application/
http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf
https://www.sumologic.com/blog-security/securing-docker-containers/
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/
https://github.com/genuinetools/img
* [Scanning Docker images with CoreOS Clair - wdijkerman](https://werner-dijkerman.nl/2019/01/28/scanning-docker-images-with-coreos-clair/amp/)
https://medium.com/cruise/building-a-container-platform-at-cruise-part-1-507f3d561e6f
* [One of the original developers of cgroups on why it was created](https://news.ycombinator.com/item?id=20599672)
### Containers
* **cgroups**
    * **101**
    * **Articles/Blogposts/Writeups**
    * **Securing**
    * **Tools**
* **Docker**
    * **101**
    * **Articles/Blogposts/Writeups**
    * **Securing**
    * **Tools**
* **Jails**
* **Kubernetes**
    * **101**
    * **Articles/Blogposts/Writeups**
    * **Securing**
    * **Tools**
* **RunC**
    * **101**
    * **Articles/Blogposts/Writeups**
    * **Securing**
    * **Tools**
* **Mesos**
    * **101**
    * **Articles/Blogposts/Writeups**
    * **Securing**
    * **Tools**
https://github.com/coreos/clair
https://github.com/freach/kubernetes-security-best-practice
https://cloudplatform.googleblog.com/2018/03/exploring-container-security-an-overview.html?m=1
https://itnext.io/kubernetes-hardening-d24bdf7adc25
https://blog.ropnop.com/attacking-default-installs-of-helm-on-kubernetes/
* https://github.com/argoproj/argo
* [hardening-kubernetes from-scratch](https://github.com/hardening-kubernetes/from-scratch)
    * A hands-on walkthrough for creating an extremely insecure Kubernetes cluster and then hardening it, step by step.
https://www.pentestpartners.com/security-blog/docker-for-hackers-a-pen-testers-guide/
https://www.stackrox.com/post/2017/08/hardening-docker-containers-and-hosts-against-vulnerabilities-a-security-toolkit/
* [xkcd on containers](https://xkcd.com/1988/)
* https://github.com/hawkeyesec/scanner-cli
* [Install and run a SPIRE Server and Agent locally on a Kubernetes cluster](https://spiffe.io/spire/getting-started-k8s/)
    * This tutorial walks you through getting a SPIRE Server and SPIRE Agent running in a Kubernetes cluster, and configuring a workload container to access SPIRE.
* [Optimising Docker Layers for Better Caching with Nix - Graham Christensen](https://grahamc.com/blog/nix-and-layered-docker-images)
* [Hacking and Hardening Kubernetes Clusters by Example - Brad Geesaman(KubeCon 2017)](https://www.youtube.com/watch?v=vTgQLzeBfRU)
    * "an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection."
* [An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew](https://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf)
* [PaaSTA](https://github.com/Yelp/paasta)
    * PaaSTA is a highly-available, distributed system for building, deploying, and running services using containers and Apache Mesos!
* [Getting Towards Real Sandbox Containers - Jesse Frazelle(May2016)](https://blog.jessfraz.com/post/getting-towards-real-sandbox-containers/)
* [Kamus](https://github.com/Soluto/kamus)
    * An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides.
Docker
* https://github.com/wsargent/docker-cheat-sheet
* https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-1-1.pdf
* https://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security
* http://www.projectatomic.io/blog/2014/08/is-it-safe-a-look-at-docker-and-security-from-linuxcon/
* https://linux-audit.com/docker-security-best-practices-for-your-vessel-and-containers/
* https://blog.docker.com/2016/02/docker-engine-1-10-security/
* https://medium.com/@quayio/your-docker-image-ids-are-secrets-and-its-time-you-treated-them-that-way-f55e9f14c1a4
* https://github.com/konstruktoid/Docker/blob/master/Security/CheatSheet.adoc
* https://github.com/docker/docker-bench-security
* https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/
* http://www.projectatomic.io/blog/2016/03/no-new-privs-docker/
* https://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf
* https://github.com/genuinetools/bane
* https://raesene.github.io/blog/2016/02/04/Docker-User-Namespaces/
* [On Docker security: 'docker' group considered harmful - Andreas Jung](https://www.zopyx.com/andreas-jung/contents/on-docker-security-docker-group-considered-harmful)
* [Securing The Docker Containers At CI/CD Pipeline Level - Alina Radu(BSidesBCN 2019)](https://www.youtube.com/watch?v=4whoQoNpu9Y&list=PLDuy2rk8e-D-foVf0ylfnHhSo2elmxRqy&index=10&t=0s)
### <a name="docker"></a> Docker
* [How to write excellent Dockerfiles - Jakub Skalecki](https://rock-it.pl/how-to-write-excellent-dockerfiles/)
* [Networking overview - docs.docker](https://docs.docker.com/network/)
* [Get Started, Part 1: Orientation and setup - docs.docker](https://docs.docker.com/get-started/)
* [Dockerfile reference - docs.docker.com](https://docs.docker.com/engine/reference/builder/)
* [Docker Image Specification v1.0.0](https://github.com/moby/moby/blob/master/image/spec/v1.md)
* [Docker security - docs.docker](https://docs.docker.com/engine/security/security/)
* [Reducing Deploy Risk With Docker’s Health Check Instruction - newrelic.com](https://blog.newrelic.com/engineering/docker-health-check-instruction/)
* [What is the purpose of VOLUME in Dockerfile - StackOverflow](https://stackoverflow.com/questions/34809646/what-is-the-purpose-of-volume-in-dockerfile)
* [Dockerfiles - Jessie Frazelle](https://github.com/jessfraz/dockerfiles)
----------------------
### <a name="containers"></a>Containers
* **101**
    * [LXC - Wikipedia](https://en.wikipedia.org/wiki/LXC)
    * [Process Containers - lwn.net](https://lwn.net/Articles/236038/)
    * [cgroups - wikipedia](https://en.wikipedia.org/wiki/Cgroups)
    * [Everything you need to know about Jails - bsdnow.tv](http://www.bsdnow.tv/tutorials/jails)
    * [Jails - FreeBSD handbook](https://www.freebsd.org/doc/handbook/jails.html)
* **Articles/Blogposts/Writeups**
    * **Containers**
        * [Controlling access to user namespaces - lwn.net](https://lwn.net/Articles/673597/)
        * [Namespaces in operation, part 1: namespaces overview - lwn.net](https://lwn.net/Articles/531114/#series_index)
        * [Linux LXC vs FreeBSD jail - Are there any notable differences between LXC (Linux containers) and FreeBSD's jails in terms of security, stability & performance? - unix.StackExchange](https://unix.stackexchange.com/questions/127001/linux-lxc-vs-freebsd-jail)
    * **Docker**
        * [Docker Security Best-Practices - Peter Benjamin](https://dev.to/petermbenjamin/docker-security-best-practices-45ih)
        * [Is it possible to escalate privileges and escaping from a Docker container? - StackOverflow](https://security.stackexchange.com/questions/152978/is-it-possible-to-escalate-privileges-and-escaping-from-a-docker-container)
        * [The Dangers of Docker.sock](https://raesene.github.io/blog/2016/03/06/The-Dangers-Of-Docker.sock/)
        * [Abusing Privileged and Unprivileged Linux Containers - nccgroup](https://www.nccgroup.trust/uk/our-research/abusing-privileged-and-unprivileged-linux-containers/)
        * [Understanding and Hardening Linux Containers - nccgroup](https://www.nccgroup.trust/uk/our-research/understanding-and-hardening-linux-containers/)
            * Linux containers offer native OS virtualisation, segmented by kernel namespaces, limited through process cgroups and restricted through reduced root capabilities, Mandatory Access Control and user namespaces. This paper discusses these container features, as well as exploring various security mechanisms. Also included is an examination of attack surfaces, threats, and related hardening features in order to properly evaluate container security. Finally, this paper contrasts different container defaults and enumerates strong security recommendations to counter deployment weaknesses, helping support and explain methods for building high-security Linux containers. Are Linux containers the future or merely a fad or fantasy? This paper attempts to answer that question.
    * **Jails**
        * [ezjail – Jail administration framework](https://erdgeist.org/arts/software/ezjail/)
    * **Kubernetes**
    * **Privilege Escalation**
        * [Privilege Escalation via lxd - Josiah Beverton](https://reboare.github.io/lxd/lxd-escape.html)
* **Talks & Presentations**
    * [Docker: Security Myths, Security Legends - Rory McCune](https://www.youtube.com/watch?v=uQigvjSXMLw)
* **Tools**
    * **Containers**
        * [nsjail](https://github.com/google/nsjail)
            * A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
        * [ezjail – Jail administration framework](https://erdgeist.org/arts/software/ezjail/)
    * **Docker**
        * [docker-layer2-icc](https://github.com/brthor/docker-layer2-icc)
            * Demonstrating that disabling ICC in docker does not block raw packets between containers.
        * [docker-bench-security](https://github.com/docker/docker-bench-security)
            * The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
        * [Vulnerable Docker VM](https://www.notsosecure.com/vulnerable-docker-vm/)
            * For practicing pen testing docker instances
    * **Kubernetes**
        * [Kubernetes Security Best-Practices - Peter Benjamin](https://dev.to/petermbenjamin/kubernetes-security-best-practices-hlk)