containerd socket exploitation part 2
This is the second part of my series on containerd socket exploitation. The first part in the series is here, which covered how to exploit the containerd socket using the ctr command line tool.
containerd socket exploitation part 1
A common technique used by attackers in containerised environments is exploitation of the container runtime socket to move laterally or escalate privileges. This socket can be accessed by attackers when the socket is exposed directly in an exploited container or when the the attacker can access the containing hosts file system, usually with root privileges.
More …