Hacker Thursday - Attacking & Auditing Docker Containers Using Open Source tools
Details
We are glad to announce an OWASP hands-on sessions on "Attacking & Auditing Docker Containers Using Open Source". This is a part of Defcon26 workshop (https://www.defcon.org/html/defcon-26/dc-26-workshops.html#akula).
Please confirm your attendance by registering on below form.
Date:- August 13th, 2018. 6 to 8 pm
Venue:- Upgrade Inc, 275 Battery Street, 23rd floor, San Francisco
Form:- https://goo.gl/forms/SuQZ4G1lBti3FBFy2
Live Stream:- Will be published soon.
Talk Description:
Attacking & Auditing Docker Containers Using Open Source tools
Session Description :
This is a part of Defcon26 workshop(https://www.defcon.org/html/defcon-26/dc-26-workshops.html#akula).
Developers and Operations teams (DevOps) have moved towards containers and modern technologies. Attackers are catching up with these technologies and finding security flaws in them. In this workshop, we will look at how we can test for security issues and vulnerabilities in Dockerised environments . Throughout the workshop we will learn how we can find security misconfigurations, insecure defaults and container escape techniques to gain access to host operating system (or) clusters. In the workshop, we will look at real world scenarios where attackers compromised containers to gain the access to applications, data and other assets.
Prerequisites: Basic familiarity with Linux and Docker
Materials: A laptop with administrator privileges
10 GB of free Hard Disk Space
Ideally 8 GB of RAM but minimum 4 GB
Laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Other virtualisation software might work but we will not be able to provide support for that.
Madhu Akula
Madhu is a security ninja and published author, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.
Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, Blackhat USA 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016. Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state. He is co-author of Security Automation with Ansible2 book published by Packt Publishing in December 2017, which is listed as a resource by the RedHat Ansible itself.
Again please fill the below form to confirm attendance
Form:- https://goo.gl/forms/3zFrv4ytdYnWskuT2