Nody's blog

Pentesting Cloud Sandboxes in the wild

Matthias Luft & Jan Harrie, BSides Munich, Munich/Virtual, Germany

Abstract

Building on last year's explanation of how containers work under the hood (Fucking Containers - how do they work?), we explain several techniques for breaking out of misconfigured containers and container hosts. We will discuss the most common misconfigurations (such as excessive container privileges, exposed network services, mounted sockets, and internal cluster privileges) and how to test for them. For each discussed attack vector, we will show how the test can be automated (and integrated into build pipelines) using a tool of choice. Finally, a comparison of the well-known container execution platforms (AWS, Azure, fly.io, GCP, Heroku) will be presented.

Outline

  • Short Container Re-Cap (make sure to be familiar with Fucking Containers - how do they work?)
  • Attack Vectors
    • Container Privileges
    • Network Services (Generic, Cloud, Cluster)
    • Cluster Privileges
    • Sockets
  • Testing how-to with botb and amicontained
  • Cloud Platform comparison
  • Conclusions
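As an added illustration (not code from the talk and not from botb or amicontained), the Python script below is a small self-audit in the spirit of amicontained that covers three of the misconfigurations listed above: it decodes the effective capability mask from /proc/self/status and reports anything beyond Docker's default capability set, checks whether a container-runtime socket from the host is reachable inside the container, and checks for a mounted Kubernetes service-account token. The socket and token paths are the usual defaults; the two status snippets embedded for demonstration are constructed samples (a default Docker container and a fully privileged one).

```python
"""Container self-audit: capabilities beyond the runtime default, host
runtime sockets, and cluster credentials visible from inside a container.
Added example; not the talk's tooling."""
import os
import re
from dataclasses import dataclass

# Linux capability names indexed by bit position in CapEff (0 = CAP_CHOWN ... 40 = CAP_CHECKPOINT_RESTORE).
CAP_NAMES = (
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
)

# Docker's default capability bounding set (the 14 caps an unprivileged container gets).
DOCKER_DEFAULT_CAPS = frozenset({
    "chown", "dac_override", "fowner", "fsetid", "kill", "setgid", "setuid",
    "setpcap", "net_bind_service", "net_raw", "sys_chroot", "mknod",
    "audit_write", "setfcap",
})

# Common host runtime sockets that should never be bind-mounted into a workload container.
HOST_SOCKETS = (
    "/var/run/docker.sock",
    "/run/containerd/containerd.sock",
    "/run/crio/crio.sock",
)
# Default projection path of a Kubernetes service-account token.
SA_TOKEN = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def parse_capeff(status_text):
    """Extract the hex CapEff mask from /proc/self/status content."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)


def decode_caps(mask):
    """Turn a capability bitmask into the set of capability names it grants."""
    return {CAP_NAMES[i] for i in range(len(CAP_NAMES)) if (mask >> i) & 1}


@dataclass
class Findings:
    extra_caps: set      # capabilities beyond the Docker default set
    sockets: list        # host runtime sockets reachable from the container
    cluster_token: bool  # a service-account token is mounted

    def risky(self):
        return bool(self.extra_caps or self.sockets or self.cluster_token)


def audit(status_text, exists=os.path.exists):
    """Evaluate one container. `exists` is injectable so the check can run on sample data."""
    caps = decode_caps(parse_capeff(status_text))
    return Findings(
        extra_caps=caps - DOCKER_DEFAULT_CAPS,
        sockets=[p for p in HOST_SOCKETS if exists(p)],
        cluster_token=exists(SA_TOKEN),
    )


def run_self_audit():
    """Audit the container this process is running in."""
    with open("/proc/self/status") as f:
        return audit(f.read())


# Constructed samples: CapEff of a default Docker container and of a --privileged one.
DEFAULT_STATUS = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_STATUS = "Name:\tsh\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_STATUS), ("privileged", PRIVILEGED_STATUS)):
        f = audit(text, exists=lambda p: False)
        print(label, "extra caps:", sorted(f.extra_caps), "risky:", f.risky())
    live = run_self_audit()
    print("this container:", sorted(live.extra_caps), live.sockets, live.cluster_token)
```

The `exists` parameter is what makes the check usable both as a pipeline test on captured data and as a live probe; in a build pipeline the interesting result is simply whether `risky()` is true for the image under its intended runtime profile.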

Media