Home

Awesome

bsideslondon2019

Repo contains slides from my talk "Build to hack, hack build" from BSides London 2019

Abstract

Containers,Cloud,DevOps and SDLC are all terms that are increasing in terms of usage in the InfoSec world. In this talk, we discuss how a container exploitation tool (BOtB) was developed to identify and autopwn common vulnerabilities in container technologies such as Docker and LXC and how this tool was used in a modern SDLC environment using common CI/CD technologies to identify, exploit and remediate container vulnerabilities before releases were made to production. In this talk we elaborate on how and why BOtB was built to be used by pentesters to exploit container vulnerabilities and how BOtB can be used by engineers to secure their container environments. The talk will also explain the technical details around the vulnerabilities that can be exploited by BOtB.

Slides

Slides are available as a PDF in this repo.