SlideShare une entreprise Scribd logo

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Daniel Garcia (a.k.a cr0hn)
Daniel Garcia (a.k.a cr0hn)

The document discusses a talk titled "Docker might not be your friend - Trojanizing Docker like a Sir" given by Daniel García and Roberto Muñoz. The talk covers what Docker is, the Docker environment including components like Docker hosts, registries, and orchestrators. It also discusses continuous integration/continuous deployment cycles and how Docker fits into those processes. The slides provide definitions and diagrams to explain these concepts.

Technologie
1  sur  150
Télécharger pour lire hors ligne
Docker Might not be your friend Trojanizing Docker like a Sir Roberto Muñoz (robsky) - @skyeinthewildDaniel García (cr0hn) - @ggdaniel
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild <spam>About Us</spam> • Creator/co-creator many security tools • Security researcher / ethical hacking • Chapter Leader OWASP Madrid • Python developer https://www.linkedin.com/in/garciagarciadaniel https://www.linkedin.com/in/roberto-muñoz-fernández-8389a313/ • SecDevOPs • Security researcher • Former BOFH (Because even developers need heroes)
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild What’s this talk about? 1. What’s Docker 2. The Docker environment 3. What’s a C.I. / C.D. cycle? 4. Dissecting Docker images 5. Abusing Docker registry? 6. Conclusions
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild What’s this talk about? 1. What’s Docker 2. The Docker environment 3. What’s a C.I. / C.D. cycle? 4. Dissecting Docker images 5. Abusing Docker registry? 6. Conclusions
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WHAT’S DOCKER? If you feel like the monkeys of 2001 odyssey, this is chapter is important to you
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - A brief definition
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - A brief definition
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM IS NOT VIRTUALIZATION
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Docker vs VM
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Dockerfile Image Container
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different But similar
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s Docker - Parts Different But similar
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild THE DOCKER ENVIRONMENT Neighbourhood colleagues
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Registry
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Registry Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Image builder Docker Orchestrators
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker environment Docker Host Docker Registry Docker Image builder Docker Orchestrators
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WHAT’S A C.I. / C.D CYCLE? Ensure that your boss does not see this, he could realise that you are not really necessary…. fired! fired! fired!
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Summary - Definitions 1. Continuous Integration - C.I: “Is the practice of merging all developer working copies to a shared mainline several times a day.” 2.Continuous Deployment - C.D: “Is a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time.” Source Wikipedia
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I - Classic cycle Very manual process Restart the process is hard
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. - New approach https://insights.sei.cmu.edu/devops/2015/01/continuous-integration-in-devops-1.html
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir C.I. + C.D. - New approach with Docker
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Image builder C.I. + C.D. - New approach with Docker Docker Host Docker Registry Orchestrator
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild DISSECTING DOCKER IMAGES Shut up and tell me how I can break it down
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir What’s a docker image?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Global Metadata Global metadata JSON file • Global info about image • Modification history • A SHA256 hash of each layer. Stored in order.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Manifest Manifest file • A reference to global config file. • List of tags for the image. • List of layers. IN ORDER
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Repositories Repositories • Repository witch belong the image. • Repository tags available. • A reference to the last layer.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layers Image layers • A docker image can contains any number of layers • Each layer has their own folder. • Each layer has 3 files: • json • layer.tar • VERSION
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer • Layer version
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Layer content • Layer metadata • Reference to the parent layer • Layer version • Folders / files • Incremental file system
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker image parts - Extracting content
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Why? • Change environment vars • Change Entry Point • Add new/modify files • Analyse the image • Extract the content
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash The layer hash is referenced in many places
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems Manifest / Metadata only meet the layer hash The layer hash is referenced in many places A tiny change in a layer content implies many changes in many files.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e14dc6b5
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Problems We need to update the references and metadata
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Manipulating Docker images - Attacks LD_PRELOAD
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Scan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir https://github.com/cr0hn/dockerscan Docker Scan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir ¡ Demo time ! Trojanizing Docker Images with Docker Scan Manipulating Docker images - Attacks
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild ABUSING DOCKER REGISTRY? Yes, we love break things…
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Docker Registry (D.R) - Brief summary • Storage docker images. • Index the images hashes • Create a logical structure to locate docker images: repository/image:tag • Exposes a REST API to interact.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage Storage server Indexing server
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images?
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images? … … Images
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - How registry storage the images? … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir latest D.R. - How registry storage the images? 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… SHA256: f94a86523746be32e7981681172198717edd94333d263b1f64228a41e 14dc6b5
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - As image storage : Upload process Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest D.R. - Attacks : Upload non accessible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Client Docker Registry I want upload the image: minion Oks. Here is your upload Path Uploading… Add the tag: Latest minion :Latest D.R. - Attacks : Upload non accessible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir ¡ Demo time ! Uploading files that only you can download… D.R. - Attacks : Upload non accesible files
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - Attacks : Replace remote images latest 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - Attacks : Replace remote images latest 1.1.10 1.11.10-alpine 1.10.3-alpine … … … Images Tags latest
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir D.R. - A short search in Shodan
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild CONCLUSIONS The conclusion is simple: give me your money and avoid intermediaries
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild WE NEED TO INVOKE SECURITY!
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild BUILD BEST PRACTICES • Do not trust name or tags, use digests instead in FROM declarations. • Always check the integrity of anything downloaded in build time.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild REGISTRY SECURIZATION • Implement some of the available authN/authZ options. • Limit the exposure, the best case scenario is where only the build servers are allowed to push images to registries • Implement signing (https://github.com/docker/ notary) and don't execute unsigned images.
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild RUNTIME PROTECTION • Don't execute images with excessive privileges (-- privileged flag, added capabilities, disabled namespaces, etc) • Use native docker supported custom security profiles for your containers (Seccomp,Selinux/ Apparmor) • Use dynamic analysis tools to create behavioural profiles of the containers and monitor any suspect change in the container activity.
Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Docker might not be your friend - Trojanizing Docker like a Sir Be careful…. …there is always someone watching
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Questions ?
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild
Docker might not be your friend - Trojanizing Docker like a Sir Daniel García (cr0hn) - @ggdaniel | Roberto Muñoz (robskye) - @skyeinthewild Thank you!

Recommandé

KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するHitachi, Ltd. OSS Solution Center.
 
これからのネイティブアプリにおけるOpenID Connectの活用
これからのネイティブアプリにおけるOpenID Connectの活用これからのネイティブアプリにおけるOpenID Connectの活用
これからのネイティブアプリにおけるOpenID Connectの活用Masaru Kurahayashi
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified IDNaohiro Fujie
 
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)Masaya Tahara
 
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)NTT DATA Technology & Innovation
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較Akihiro Suda
 
Azure API Management 俺的マニュアル
Azure API Management 俺的マニュアルAzure API Management 俺的マニュアル
Azure API Management 俺的マニュアル貴志 上坂
 
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発日本マイクロソフト株式会社
 

Recommandé

KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するHitachi, Ltd. OSS Solution Center.
 
これからのネイティブアプリにおけるOpenID Connectの活用
これからのネイティブアプリにおけるOpenID Connectの活用これからのネイティブアプリにおけるOpenID Connectの活用
これからのネイティブアプリにおけるOpenID Connectの活用Masaru Kurahayashi
 
今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified ID今なら間に合う分散型IDとEntra Verified ID
今なら間に合う分散型IDとEntra Verified IDNaohiro Fujie
 
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)
OSS+AWSでここまでできるDevSecOps (Security-JAWS第24回)Masaya Tahara
 
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)
乗っ取れコンテナ!!開発者から見たコンテナセキュリティの考え方(CloudNative Days Tokyo 2021 発表資料)NTT DATA Technology & Innovation
 
DockerとPodmanの比較
DockerとPodmanの比較DockerとPodmanの比較
DockerとPodmanの比較Akihiro Suda
 
Azure API Management 俺的マニュアル
Azure API Management 俺的マニュアルAzure API Management 俺的マニュアル
Azure API Management 俺的マニュアル貴志 上坂
 
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発
【BS13】チーム開発がこんなにも快適に!コーディングもデバッグも GitHub 上で。 GitHub Codespaces で叶えられるシームレスな開発日本マイクロソフト株式会社
 
OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Foundation Japan
 
Keycloakのステップアップ認証について
Keycloakのステップアップ認証についてKeycloakのステップアップ認証について
Keycloakのステップアップ認証についてHitachi, Ltd. OSS Solution Center.
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版VirtualTech Japan Inc.
 
Zuul @ Netflix SpringOne Platform
Zuul @ Netflix SpringOne PlatformZuul @ Netflix SpringOne Platform
Zuul @ Netflix SpringOne PlatformMikey Cohen - Hiring Amazing Engineers
 
KeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについてKeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについてHiroyuki Wada
 
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応までDocker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応までMasahito Zembutsu
 
Dockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルDockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルMasahito Zembutsu
 
脱RESTful API設計の提案
脱RESTful API設計の提案脱RESTful API設計の提案
脱RESTful API設計の提案樽八 仲川
 
NGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinarsNGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinarsfisuda
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Mei Nakamura
 
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...Preferred Networks
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜Masaru Kurahayashi
 
マイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPCマイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPCdisc99_
 
Keycloak拡張入門
Keycloak拡張入門Keycloak拡張入門
Keycloak拡張入門Hiroyuki Wada
 
AWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニングAWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニングAmazon Web Services Japan
 
NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話Hitachi, Ltd. OSS Solution Center.
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
Redmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST APIRedmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST APIGo Maeda
 
小さなサービスも契約する時代
小さなサービスも契約する時代小さなサービスも契約する時代
小さなサービスも契約する時代Ryo Mitoma
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話Kohei Tokunaga
 
Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupStartit
 

Contenu connexe

Tendances

OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Foundation Japan
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版VirtualTech Japan Inc.
 
KeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについてKeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについてHiroyuki Wada
 
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応までDocker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応までMasahito Zembutsu
 
Dockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルDockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルMasahito Zembutsu
 
脱RESTful API設計の提案
脱RESTful API設計の提案脱RESTful API設計の提案
脱RESTful API設計の提案樽八 仲川
 
NGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinarsNGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinarsfisuda
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Mei Nakamura
 
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...Preferred Networks
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜Masaru Kurahayashi
 
マイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPCマイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPCdisc99_
 
Keycloak拡張入門
Keycloak拡張入門Keycloak拡張入門
Keycloak拡張入門Hiroyuki Wada
 
AWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニングAWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニングAmazon Web Services Japan
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
Redmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST APIRedmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST APIGo Maeda
 
小さなサービスも契約する時代
小さなサービスも契約する時代小さなサービスも契約する時代
小さなサービスも契約する時代Ryo Mitoma
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話Kohei Tokunaga
 

Tendances (20)

OpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンスOpenID Connect のビジネスチャンス
OpenID Connect のビジネスチャンス
 
Keycloakのステップアップ認証について
Keycloakのステップアップ認証についてKeycloakのステップアップ認証について
Keycloakのステップアップ認証について
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版
 
Zuul @ Netflix SpringOne Platform
Zuul @ Netflix SpringOne PlatformZuul @ Netflix SpringOne Platform
Zuul @ Netflix SpringOne Platform
 
KeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについてKeycloakのDevice Flow、CIBAについて
KeycloakのDevice Flow、CIBAについて
 
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応までDocker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
Docker Compose入門~今日から始めるComposeの初歩からswarm mode対応まで
 
Dockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクルDockerイメージの理解とコンテナのライフサイクル
Dockerイメージの理解とコンテナのライフサイクル
 
脱RESTful API設計の提案
脱RESTful API設計の提案脱RESTful API設計の提案
脱RESTful API設計の提案
 
NGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinarsNGSI によるデータ・モデリング - FIWARE WednesdayWebinars
NGSI によるデータ・モデリング - FIWARE WednesdayWebinars
 
Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較Ingressの概要とLoadBalancerとの比較
Ingressの概要とLoadBalancerとの比較
 
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
Kubernetes Service Account As Multi-Cloud Identity / Cloud Native Security Co...
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
 
マイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPCマイクロサービスバックエンドAPIのためのRESTとgRPC
マイクロサービスバックエンドAPIのためのRESTとgRPC
 
Keycloak拡張入門
Keycloak拡張入門Keycloak拡張入門
Keycloak拡張入門
 
AWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニングAWS IoTにおけるデバイスへの認証情報のプロビジョニング
AWS IoTにおけるデバイスへの認証情報のプロビジョニング
 
NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
 
Redmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST APIRedmineをちょっと便利に! プログラミング無しで使ってみるREST API
Redmineをちょっと便利に! プログラミング無しで使ってみるREST API
 
小さなサービスも契約する時代
小さなサービスも契約する時代小さなサービスも契約する時代
小さなサービスも契約する時代
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話
 

Similaire à RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Commit University
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupStartit
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Servicesmsyukor
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningRui Quintino
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaDocker, Inc.
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and VarlinkJeremy Brown
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...The Incredible Automation Day
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Roberto Hashioka
 
Golab.io
Golab.ioGolab.io
Golab.ior3vit
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015borjaburgos
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavOWASP Delhi
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDeep Shankar Yadav
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides ssarabadani
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesMathias Renner
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see GopherJan Klat
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraDaniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing StashboardDocker, Inc.
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwiliodotCloud
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting targetRoberto Messora
 

Similaire à RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images (20)

Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
Docker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech MeetupDocker for Fun and Profit at Startit Tech Meetup
Docker for Fun and Profit at Startit Tech Meetup
 
Dockerizing IoT Services
Dockerizing IoT ServicesDockerizing IoT Services
Dockerizing IoT Services
 
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep LearningDocker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
Docker & Containers for Big Data, Data Science, Machine Learning & Deep Learning
 
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena TapiaFrom Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
From Zero Docker to Hackathon Winner - Marcos Lilljedahl and Jimena Tapia
 
Adventures with Podman and Varlink
Adventures with Podman and VarlinkAdventures with Podman and Varlink
Adventures with Podman and Varlink
 
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
TIAD 2016 : Real-Time Data Processing Pipeline & Visualization with Docker, S...
 
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
Real-Time Data Processing Pipeline & Visualization with Docker, Spark, Kafka ...
 
Golab.io
Golab.ioGolab.io
Golab.io
 
ContainerDays 2015
ContainerDays 2015ContainerDays 2015
ContainerDays 2015
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
Fandogh Cloud workshop slides
Fandogh Cloud workshop slides Fandogh Cloud workshop slides
Fandogh Cloud workshop slides
 
Docker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 SlidesDocker In 10 Minutes or 10 Slides
Docker In 10 Minutes or 10 Slides
 
GOTO Paris | @see Gopher
GOTO Paris | @see GopherGOTO Paris | @see Gopher
GOTO Paris | @see Gopher
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Dockerizing Stashboard
Dockerizing StashboardDockerizing Stashboard
Dockerizing Stashboard
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Logging & Docker - Season 2
Logging & Docker - Season 2Logging & Docker - Season 2
Logging & Docker - Season 2
 
Docker as a hosting target
Docker as a hosting targetDocker as a hosting target
Docker as a hosting target
 

Plus de Daniel Garcia (a.k.a cr0hn)

Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDDaniel Garcia (a.k.a cr0hn)
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsDaniel Garcia (a.k.a cr0hn)
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceDaniel Garcia (a.k.a cr0hn)
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceDaniel Garcia (a.k.a cr0hn)
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPDaniel Garcia (a.k.a cr0hn)
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasDaniel Garcia (a.k.a cr0hn)
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadDaniel Garcia (a.k.a cr0hn)
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulDaniel Garcia (a.k.a cr0hn)
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressDaniel Garcia (a.k.a cr0hn)
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilDaniel Garcia (a.k.a cr0hn)
 

Plus de Daniel Garcia (a.k.a cr0hn) (20)

Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
 
Rooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CDRooted con 2020 - from the heaven to hell in the CI - CD
Rooted con 2020 - from the heaven to hell in the CI - CD
 
12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD12 tricks to avoid hackers breaks your CI / CD
12 tricks to avoid hackers breaks your CI / CD
 
Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018Security in AWS Lambdas - NavajaNegra CON 2018
Security in AWS Lambdas - NavajaNegra CON 2018
 
Rooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systemsRooted 2018 - Crawlino: The next level of crawling systems
Rooted 2018 - Crawlino: The next level of crawling systems
 
Ingenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que pareceIngenieria social aplicada: Mucho mas fácil de lo que parece
Ingenieria social aplicada: Mucho mas fácil de lo que parece
 
Ingeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que pareceIngeniería social aplicada: Mucho más fácil de lo que parece
Ingeniería social aplicada: Mucho más fácil de lo que parece
 
Identificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IPIdentificando y rompiendo servicios de las 4 capas de TCP/IP
Identificando y rompiendo servicios de las 4 capas de TCP/IP
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
RootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injectionRootedCON 2016 - Broker & MQ injection
RootedCON 2016 - Broker & MQ injection
 
Hacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con PythonHacking y python: Hacking de redes con Python
Hacking y python: Hacking de redes con Python
 
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincherasCybercamp 2015 - Python, hacking y sec-tools desde las trincheras
Cybercamp 2015 - Python, hacking y sec-tools desde las trincheras
 
Tu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridadTu DevOp me da trabajo: Soy auditor de seguridad
Tu DevOp me da trabajo: Soy auditor de seguridad
 
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azulScapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
Scapy: Crear un Frankenstein de red y hacerlo pasar por el príncipe azul
 
Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6Topera: Evadiendo Snort con IPv6
Topera: Evadiendo Snort con IPv6
 
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y WordpressIII Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
III Hack and beers: evadiendo técnicas de fingerprinting en Linux y Wordpress
 
GoLismero: The Web Knife
GoLismero: The Web KnifeGoLismero: The Web Knife
GoLismero: The Web Knife
 
El poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácilEl poder de los reptiles: Hacer herramientas de hacking es fácil
El poder de los reptiles: Hacer herramientas de hacking es fácil
 
Cybercam 2014
Cybercam 2014Cybercam 2014
Cybercam 2014
 
Introduccion muy básica a Python
Introduccion muy básica a PythonIntroduccion muy básica a Python
Introduccion muy básica a Python
 

Dernier

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Dernier (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

RootedCON 2017 - Docker might not be your friend. Trojanizing Docker images