Hack ElasticSearch container

Learn how to use application exploits to gain access to a container

CGroups and Namespaces

Learn how cgroups and namespaces limit what a container can do

Fork Bombing and Resource Limits

Learn how to protect against fork bombs and resource starvation

Securing Your Host

Learn how to test your infrastructure for secure best-practices

User Namespaces

Learn how to change root account via user namespaces

Intro to Kernel Capabilities

Learn about allowing root-level operations to untrusted users with kernels capabilities

Introduction to Seccomp

Learn how to use Seccomp to restrict syscalls

Use No New Privileges flag to restrict additional access

Learn how to restrict applications with correct flags gaining root access

Intro to Apparmor

Learn how AppArmor profiles protect processes

Generate AppArmor profiles using Bane

Learn how Bane can be used to generate AppArmor profiles

Images and Scanning

Scan images for vulnerabilities before running them

Control Plane
Copyright © 2018 controlplane