Containers Penetration Testing

THREATS, TACTICS AND PROCEDURES (TTP)
MITRE’S ATT&CK®
Containers Pen Test
Initial Access to the Containers
1. Exploit Public-Facing Applications.
2. External Remote Services.
3. Valid Accounts.
Execution of Containers
1. Container Administration Command.
2. Deploy Container.
3. Scheduled Task/Job.
4. User Execution.
Persistence of Adversaries in the Containers
1. External Remote Services.
2. Implant Internal Image.
3. Scheduled Task/Job.
4. Valid Accounts.
Privilege Escalation in the Containers
1. Escape to Host.
2. Exploitation for Privilege Escalation.
3. Scheduled Task/Job.
4. Valid Accounts.
Defence Evasion of Adversaries in the Containers
1. Impair Defenses.
2. Build Image on Host.
3. Deploy Container.
4. Valid Accounts.
5. Indicator Removal on Host.
6. Masquerading.
Credential Access in the Containers by Adversaries
1. Brute Force Attacks.
2. Insecure Credentials.
Discovery of Containers by Adversaries
1. Network Service Scanning.
2. Container and Resource Discovery.
Impact on Containers due to Adversarial Attacks
1. Endpoint Denial of Service.
2. Network Denial of Service.
3. Resource Hijacking.