Namish namishelex01

@namishelex01
namishelex01 / container_security_exploit_chaining.md
Last active December 17, 2025 20:08
Container security exploit chaining guide covering real-world Docker and Kubernetes attack paths. Explains how attackers chain container misconfigurations, ServiceAccount token theft, RBAC privilege escalation, privileged pods, hostPath mounts, Docker socket abuse, kubelet exposure, supply-chain attacks, and Linux kernel privilege-escalation bug…

Attack Chains: Step-by-Step Exploits (Containers + Kubernetes)

“In theory, theory and practice are the same. In production, attackers get a vote.”
These chains are realistic sequences attackers use. They’re written from a defender’s perspective: entry → escalation → persistence → impact → detection points.


Chain 1 — “The Docker Socket Is My Root Shell”

Theme: Mounting docker.sock (or other runtime socket) turns a container into a host admin.

@namishelex01
namishelex01 / kubernetes_security.md
Last active December 17, 2025 20:23
Kubernetes security guide for cloud-native environments, covering control plane and workload security from a security engineer’s perspective. Explains Kubernetes threat models, API server risks, RBAC and ServiceAccount security, admission controllers, pod security standards, container runtime security, kubelet exposure, etcd protection, network …

Kubernetes Security — Detailed Notes (Basic → Advanced)

[Image: Kubernetes Cluster]

1. Core Kubernetes Security Principles

1.1 Kubernetes is an API-driven operating system

Kubernetes behaves like a distributed OS where the API server is the system call interface.

@namishelex01
namishelex01 / container_security_questions.md
Last active December 17, 2025 20:09
Container security interview questions and answers covering Docker, Linux containers, Kubernetes security, and cloud-native runtime protection. Includes intermediate to expert-level questions on container isolation, namespaces, cgroups, capabilities, seccomp, SELinux/AppArmor, container escapes, runtime security, RBAC, ServiceAccount tokens, Kub…

Linux Kernel Evolution — Container Security Interview Q&A (Intermediate → Expert)

1. Kernel Architecture & Threat Modeling

Q1. From a kernel perspective, what actually enforces container isolation?

Answer: Container isolation is enforced by multiple independent kernel subsystems, not a single boundary:

  • Namespaces restrict visibility (what a process can see)
@namishelex01
namishelex01 / container_security.md
Last active December 17, 2025 20:17
Comprehensive container security guide covering Docker and Kubernetes security from a security engineer’s perspective. Explains container isolation fundamentals, Linux namespaces and cgroups, capabilities, seccomp, SELinux/AppArmor, runtime security, container escape risks, RBAC and ServiceAccount security, Kubernetes control-plane threats, supp…

History of Containers (Through a Security Engineer’s Lens)

“Those who forget history are doomed to repeat it — usually in production.”
This document traces the evolution of containers, focusing not on hype, but on what actually broke, why it broke, and what attackers really abused.


[Image: Container Runtime Security]
#!/usr/bin/env bash
# bb-min-setup.sh — Minimal bug bounty setup for Raspberry Pi 5 (Raspberry Pi OS 64‑bit, ARM64)
# Focus: web app recon + vuln discovery ONLY (no pentest/forensics/heavy stuff).
# PEP 668 safe (pipx / per-tool venvs). Prefers official linux_arm64 binaries to avoid Go-compat hiccups.
# Idempotent: safe to re-run.
set -euo pipefail
if [[ $EUID -eq 0 ]]; then
  echo "Run as a normal user (will sudo as needed), not root." >&2
# world.gd
extends Node2D
class_name World
const TILE_SIZE = 32
const SEA_LEVEL = 0.0
const RENDER_DISTANCE = 16.0
@export var altitude_noise: FastNoiseLite
@namishelex01
namishelex01 / g2
Last active July 11, 2023 21:57
network_scanner
import socket
import ipaddress
import json
import time
def save_results(results):
    with open("last_scan_results.json", "w") as file:
        json.dump(results, file)
def load_results():
@namishelex01
namishelex01 / play-with-pdfs.py
Created July 19, 2021 12:57
Merge pdfs, create pdf from images(jpg, png, etc)
import PyPDF2
from PIL import Image
def mergePdfs():
    pdfs = ['sf_1.pdf', 'sf_2.pdf']
    merger = PyPDF2.PdfFileMerger()
    for pdf in pdfs:
        merger.append(pdf)
@namishelex01
namishelex01 / Scenario-based Interview Questions
Last active August 19, 2024 15:04
Scenario-based interview questions for security engineers/analysts
What are the consequences if the private keys of a Root CA get compromised?
If you have rogue certificates of a well-known company, as an attacker, how can you use them for your own benefit?
As a security threat analyst, what will be your approach to responding to this incident? Securing infra, servers and people!
> https://darknetdiaries.com/transcript/3/
How would you check the signature of a binary and restrict any unsigned binaries from running on a machine (Win/Linux/Mac)?
> https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
> (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/
How can I restrict a normal user to running only a limited set of commands in Linux?
https[:]//docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2
https[:]//blahcat.github.io/2019/03/17/small-dumps-in-the-big-pool/
https[:]//www.fuzzysecurity.com/tutorials/16.html
https://blog.ropnop.com/hosting-clr-in-golang/
https[:]//evasions.checkpoint.com/
http[:]//www.catb.org/esr/faqs/hacker-howto.html
https[:]//vx-underground.org/
http[:]//sq.ro/malwarez.htm#
https[:]//github.com/d30sa1/RootKits-List-Download
https[:]//github.com/christian-roggia/open-myrtus