This repository contains material and slides for the talk Reverse Engineering and Exploiting Builds in the Cloud:
- cheatsheet.md contains commands, Dockerfiles, and YML configs that can assist you in reversing your build environment.
- slides.pdf contains the presentation slides.
- Recording
This research would not be possible without the contribution and effort from others in the field. Here is a list of resources that have helped us.
- https://docs.docker.com/engine/security/https/
- https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#cp
- https://docs.docker.com/engine/reference/commandline/exec/
- https://github.com/GoogleContainerTools/container-structure-test
- https://github.com/coreos/clair
- https://github.com/aquasecurity/docker-bench
- https://www.cisecurity.org/benchmark/docker/
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://www.twistlock.com/labs-blog/breaking-docker-via-runc-explaining-cve-2019-5736/
- https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html
- https://github.com/wagoodman/dive
- https://github.com/cji/talks/blob/master/BruCON2018/Outside%20The%20Box%20-%20BruCON%202018.pdf
- https://github.com/singe/container-breakouts
- https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
- https://zwischenzugs.com/2015/06/24/the-most-pointless-docker-command-ever/
- moby/moby#9437
- https://circleci.com/blog/triggering-trusted-ci-jobs-on-untrusted-forks/
- https://discuss.circleci.com/t/june-2019-machine-security-incident/31101/2
- https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/