Container Security

A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

A Terraform module that provides a compliance-focused AWS EKS setup with security hardening for PCI-DSS, SOC2, and HIPAA requirements.

Docker-based honeypot setup with detailed installation and configuration instructions.

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

A honeypot tool emulating HL7 / FHIR protocols with various installation and customization options.

A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.

Romana automates cloud-native network isolation and distributed firewall policies for Kubernetes and OpenStack environments using topology-aware IPAM without overlays.

CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.

A collection of tips and tricks for container and container orchestration hacking and security testing.

A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.

Weave Scope is a real-time visualization and monitoring tool that automatically maps Docker container infrastructures and microservices, providing interactive topology views and direct container management capabilities.

Kiam is a Kubernetes agent that allows Pods to assume AWS IAM roles, though it is being deprecated in favor of AWS' official IAM roles for Service Accounts solution.

A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.

A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.

A security framework for process isolation and sandboxing based on capability-based security principles.

An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.

A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.

Firejail is a Linux sandbox program that isolates untrusted applications using kernel namespaces, seccomp-bpf, and capabilities to reduce security breach risks.