appsecco/defcon-26-workshop-attacking-and-auditing-docker-containers

Stars
107
Rank 323,587 (Top 7 %)
Language
Created almost 5 years ago
Updated almost 5 years ago

appsecco/defcon-26-workshop-attacking-and-auditing-docker-containers

appsecco

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source

Attacking & Auditing Docker Containers Using Open Source - DEF CON 26

This repository contains all the presentation, documentation and the virtual machine links for hands-on. The workshop abstract in DEF CON 26 website Attacking & Auditing Docker Containers Using Open Source

Presentation & Video

For the PDF, Epub, Mobi versions of the documentation check out releases
The detailed step by step gitbook documentation can be found at gitbook folder
Video presentation of this workshop is presented at OWASP Bay Area Chapter

Feedback/Suggestions

Tweet to me @madhuakula

breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

dvna

Damn Vulnerable NodeJS Application

the-art-of-subdomain-enumeration

This repository contains all the supplement material for the book "The art of sub-domain enumeration"

bugcrowd-levelup-subdomain-enumeration

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

vulnerable-apps

spaces-finder

A tool to hunt for publicly accessible DigitalOcean Spaces

attacking-cloudgoat2

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

dvja

Damn Vulnerable Java (EE) Application

defcon24-infra-monitoring-workshop

Defcon24 Workshop Contents : Ninja Level Infrastructure Monitoring

sqlinjection-training-app

A simple PHP application to learn SQL Injection detection and exploitation techniques.

VyAPI

VyAPI - A cloud based vulnerable hybrid Android App

using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

json-flash-csrf-poc

This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

dvcsharp-api

Damn Vulnerable C# Application (API)

practical-recon-levelup0x02

This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd LevelUp 0x02 virtual conference

winmanipulate

A simple tool to manipulate window objects in Windows

opa-traefik-microservice-authz

Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).

raneto-docker

Docker container for Markdown based Raneto Knowledgebase

osint-viz-platform-reconvillage

The repository for Building visualisation platforms for OSINT data using open source solutions

docker-data-science-toolbox

Data Science Command Line Toolbox in a docker container

docker-datasploit

Docker container for datasploit framework

sqlinjectionloginbypass

A simple app to demo SQL Injection login bypass

owasp-threat-dragon-gitlab

OWASP Threat Dragon with Gitlab Integration

kubeseco

Application Security Workflow Automation using Docker and Kubernetes

alldaydevops-aism

All Day DevOps - Automated Infrastructure Security Monitoring and Defence (ELK + AWS Lambda)

devsecops-using-cloudnative-workshop

This repo contains workshop material delivered at #nullcon2020

datasploit-ansible

Ansible Playbook for setting up Datasploit

ansible-module-owasp-zap

Ansible module for OWASP ZAP using Python API to scan web targets for security issues

alldaydevops-shua

This repository contains all the talk materials and ebook from the talk System Hardening Using Ansible given at All Day DevOps 2016 online conference

owasp-webgoat-dot-net-docker

Docker container for running OWASP WebGoat.NET application

nullblr-bachaav-aismd

null Bangalore Public Bachaav 10 December 2016 Automated Infrastructure Security Monitoring & Defence

prowler-aws-securityhub-integration

Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks

c0c0n-2019-ctf-writeups

CTF write-ups from c0c0n 2019 CTF challenges that we participated

bsides-delhi-recon

This repository contains all the material from the talk "Doing recon like it's 2017" given at Bsides Delhi 2017 conference

django-rev-shell

A simple django app to provide a reverse shell when deployed and invoked.

nodejs-google-idp-sample

Presentation with proof of concept code on using Google as Identity Provider for Web API authentication using NodeJS as backend and VueJS as frontend

container-image-scanner-api

A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses

automated-defence-ssh-bruteforce-aws

Source code for Automated Defence - Blocking SSH bruteforce attacks in AWS

secrets-in-google-cloud-run-with-google-cloud-build

Baking secrets in Google Cloud Run containers using Google Cloud Build

owasp-bayarea-adef

asn-search-api

A Golang API over MaxMind ASN database

kubernetes-ptaas-scripts

Scripts to generate kubeconfig files required to perform a PT.

http-basics-docker