Hi, I am Stef Bijen I am a 3rd year cybersecurity student at the HVA and in this article, I will tell you about my experience of attending the Dutch Docker night.
In today’s technology landscape, staying ahead of the curve is crucial for students like me, as we prepare to enter the professional world. Emerging technologies like Docker are revolutionizing the way applications are developed, deployed, and managed. It is really important for students to gain hands-on experience in these areas. Docker is quite a new development. So it has not yet been properly implemented within the school curriculum. That means these workshops are essential for improving these skills, to become a more complete cybersecurity expert.
So, let me tell you about this Dutch Docker night. It was a gathering of thirteen students from five different universities in the Netherlands. Two cyber technicians, Vincent and Pieter, gave us a deep dive into Docker.
We started the night with a quick introduction about docker. Vincent and Pieter showed us how Docker works and how it functions within the OS. After a quick dinner break they tought us which risks there are within Docker and how we could exploit these risks.
Now it was time for the fun part, the CTF. The group was divided into 4 teams. Each consisted of around three students. We were given a link to access four containers. The goal was to break out of the container and access the host machine. And it was time to hack! The CTF had four challenges, each linked to one risk within the presentation. It was a nice and tense atmosphere. Every team tried to hack the CTF challenges as fast as possible to come out victorious.
After about 2 hours, our team, team 4, was able to reach the final challenge. We had to abuse the CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH Capability to break out of the container. We found out that there was a known exploit called: Shocker, which we could use to manipulate the password file on the host machine, to break out of the container. After some struggling, we were able to get it to work! And gather root access on the host machine.
For us students who want to get started in cybersecurity, going to workshops like this can be a stepping-stone to success. Docker has become an important part of the modern software engineering landscape, and having hands-on experience with these technologies will really give students a competitive edge. In workshops like these, we can fill in the gaps in knowledge in a way our school cannot.
Also, there was free beer and frikandellen so I would definitely recommend to attend a student workshop night at Secura 😊
If you are interested to attend other workshop hosted by Secura or would like more details about upcoming events, have a look at: https://www.secura.com/news/ev...