It is also a great mnemonic: "run IT"

This could actually be a pretty accurate insight I think

@@ijustcantseeit yeah when you take a look at the metaverse and what the future holds you'll say its inventable that everyone must learn hacking and security

Pretty much! If you look at when he opens the docker-compose file, you can see that the host’s docker socket is mounted as a volume in the container. By default, volumes are read/write, so the container can create containers on the host

If you look into the software ‘portainer’, this is the way it works!

TryHackMe?

TryHackMe, and/or overthewire, HTB also has academy modules and a starting point module for beginners

Hack the box academy, i am vip user from 1 year.

In this case yes, because the docker container was allowed to spawn other docker containers.

@@ippsec okay crazy, didn't know that

This is why you never run docker in docker if you can help it. When can you expect this irl? With kubernetes, a lot of people are putting their deployment pipelines, CICD infra into kubernetes itself because you get easy "scalability"; each build runs in its own docker container. Injecting code into a build, or finding a poorly configured instance presents a chance you can get code execution into a build container which could end up having the privileges needed. A lot of this has been patched now in most tools but one slip up in configuration and an attacker could find what they need. Can't say much more given Google's acceptable content guidelines. I'll just say that that I evaluated this attack path when considering build tools where I work and this was a real world attack path that came up.

Look in the description, where they should be :) Just busy with an event this weekend and didn't have time to create the timestamps.

Nice - really, really nice!