Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074) - 1725

Felix Boulet - Posted 6 Months Ago
  • The Docker internal HTTP API is used to control most of Docker. Exposing this is an automatic game over in terms of container security. This is because you can start a privileged container that has access to the full host.
  • Out of paranoia, the author of this post was internally mapping the localhost interface on the VM on Docker Desktop for Windows. While doing this, they found that they could access the Docker API from the container.
  • This exploit is so bad that it works from an SSRF vulnerability. It's fascinating that this issue has existed for so long without being noticed before. According to the author, Docker doesn't have a security program, which may be part of the reason this is the case. Regardless, fantastic impact on this bug!