TyphoonCon

“Multiple vulnerabilities found in Docker Desktop named pipes and how a low-privileged user can get a SYSTEM shell by exploiting those vulnerabilities”

About the trainer:

Eviatar Gerzi is a Sr. Security Researcher at CyberArk. He has worked in a range of roles in the security industry (malware analysis, security research, mobile hacking, etc.). During this time, he developed open-source security tools. His projects include Ketshash, Manifesto, KubiScan, Kubeletctl, and Kubesploit. His current research is on DevOps security, focusing on Docker and Kubernetes.

Talk overview:

In this talk, we’ll show how our Windows container research took a different turn when we found multiple insecure APIs exposed through a named pipe, which led to numerous privilege escalation vulnerabilities.

Before we jump into the vulnerabilities, we’ll explain how Docker Desktop creates an environment for Windows containers and cover its named pipes.
We’ll show the research process that led us to an interesting named pipe exposing a large set of API functions. We will show how we exploited some of those API functions and how we were able to gain a full privilege escalation to NT AUTHORITY\SYSTEM.
We’ll finish with a live demo of how an attacker with low privileges can get a SYSTEM shell, and summarize how the issues were fixed.

This research yielded six vulnerabilities: two are full privilege escalations from a low-privileged user to SYSTEM, and the rest are arbitrary read/write LPEs.
