Securium Solutions

Abusing Docker Remote API

Enable Docker API for Remote connection and Abusing the Docker API

In this blog, we will learn How can we abuse the Docker API after enabling the Docker API for Remote Connection. But, first of all, we will learn about Docker client-server Architecture. So that we can have a basic understanding of Docker API, Docker CLI, and Docker daemon Docker daemon The brain behind all operations …

Enable Docker API for Remote connection and Abusing the Docker API Read More »

Docker Privilege Escalation

Docker Privilege Escalation

In the previous blog we discussed “Abusing the Docker API” and today we will learn about Docker Privilege Escalation. We will learn how to escalate the privileges of the root shell if the docker is running on the host’s system.. Every Docker environment has a set of inherent security limitations. For example, sudo on Linux …

Docker Privilege Escalation Read More »

Vulnerability Assessment of Docker Image

Vulnerability Assessment of Docker Image

In order to protect your Docker images, it’s important to understand some basics of how Docker image vulnerability assessment work. Here are some tips that will help you better manage your containers so they’re not easily hijacked by malicious actors. We should know the basics of container vulnerabilities. Some of the most common vulnerabilities in …

Vulnerability Assessment of Docker Image Read More »

Docker

Introduction to Docker and How Docker can be used as Pentesting?

What is Docker? Docker is an open-source platform for building and running applications in a container that acts as a lightweight virtual machine. Terminologies: Docker Container: Containers are designed to run isolated from other processes so they only take up the resources they require. This means that containers don’t interfere with each other or the …

Introduction to Docker and How Docker can be used as Pentesting? Read More »

How Hackers Use Message Mirroring App to Show All SMS Texts and Bypass 2FA Security

It’s no secret that usernames and passwords alone do not provide secure access to online services. According to a recent study, more than 80% of all hacking-related breaches were corrupted and caused by weak credentials, with 3 billion username / password combinations stolen in 2016 alone. As you can see, the implementation of two-step verification …

How Hackers Use Message Mirroring App to Show All SMS Texts and Bypass 2FA Security Read More »