FROM NOVICE TO NINJA: MY EXPERIENCE AS A STUDENT ATTENDING THE DUTCH DOCKER NIGHT HOSTED BY SECURA

By Stef Bijen

Hallo, ik ben Stef Bijen, derdejaars cybersecuritystudent aan de HVA. In dit artikel deel ik mijn ervaring met de Nederlandse Docker avond.

In today’s technology landscape, staying ahead of the curve is crucial for students like me, as we prepare to enter the professional world. Emerging technologies like Docker are revolutionizing the way applications are developed, deployed, and managed. It is really important for students to gain hands-on experience in these areas. Docker is quite a new development. So it has not yet been properly implemented within the school curriculum. That means these workshops are essential for improving these skills, to become a more complete cybersecurity expert.

So, let me tell you about this Dutch Docker night. It was a gathering of thirteen students from five different universities in the Netherlands. Two cyber technicians, Vincent and Pieter, gave us a deep dive into Docker.

We started the night with a quick introduction about docker. Vincent and Pieter showed us how Docker works and how it functions within the OS. After a quick dinner break they tought us which risks there are within Docker and how we could exploit these risks.

Now it was time for the fun part, the CTF. The group was divided into 4 teams. Each consisted of around three students. We were given a link to access four containers. The goal was to break out of the container and access the host machine. And it was time to hack! The CTF had four challenges, each linked to one risk within the presentation. It was a nice and tense atmosphere. Every team tried to hack the CTF challenges as fast as possible to come out victorious.

After about 2 hours, our team, team 4, was able to reach the final challenge. We had to abuse the CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH Capability to break out of the container. We found out that there was a known exploit called: Shocker, which we could use to manipulate the password file on the host machine, to break out of the container. After some struggling, we were able to get it to work! And gather root access on the host machine.

For us students who want to get started in cybersecurity, going to workshops like this can be a stepping-stone to success. Docker has become an important part of the modern software engineering landscape, and having hands-on experience with these technologies will really give students a competitive edge. In workshops like these, we can fill in the gaps in knowledge in a way our school cannot.

Also, there was free beer and frikandellen so I would definitely recommend to attend a student workshop night at Secura 😊

Image in image block