by coredog64
2012 days ago
If you don't at least drop the sys_module cap, you can install a kernel module [0]. Running as root inside the container increases the risk of a breakout. I've seen different approaches at different companies. One bank required a hard-to-get security sign-off that included MFA to start (so no automation). A different bank bought expensive monitoring tools and then threw a bunch of money at refining the outputs.

[0] https://blog.pentesteracademy.com/abusing-sys-module-capabil...
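The comment's point is that a container keeping CAP_SYS_MODULE (and running as root) can load kernel code, so the first defensive check is whether that capability is actually in the process's effective set. The script below is an added example, not code from the comment or from the linked blog post: it decodes the CapEff bitmask that the kernel exposes in /proc/self/status and reports whether bit 16 (CAP_SYS_MODULE in linux/capability.h) is set. The two masks used for the self-check are constructed test values: 00000000a80425fb is the capability set a default, unprivileged Docker container gets (which does not include SYS_MODULE), and 000001ffffffffff is the full set a privileged root process holds.

```shell
#!/bin/sh
# Added example: check whether CAP_SYS_MODULE is in a process's effective
# capability set by decoding the CapEff hex mask from /proc/<pid>/status.

# Capability number from linux/capability.h.
CAP_SYS_MODULE=16

# has_cap MASKHEX CAPNUM -> exit 0 if bit CAPNUM is set in the hex mask.
has_cap() {
    mask=$1
    capnum=$2
    [ $(( (0x$mask >> $capnum) & 1 )) -eq 1 ]
}

# cap_verdict MASKHEX -> prints "sys_module" if the mask grants module
# loading, "no-sys_module" otherwise.
cap_verdict() {
    if has_cap "$1" "$CAP_SYS_MODULE"; then
        echo "sys_module"
    else
        echo "no-sys_module"
    fi
}

# current_cap_eff -> the CapEff mask of the running shell (Linux only).
current_cap_eff() {
    awk '/^CapEff:/ {print $2}' /proc/self/status
}

# Constructed sample masks (not taken from any real host):
#   default unprivileged Docker container  -> 00000000a80425fb
#   root with the full capability set      -> 000001ffffffffff
for m in 00000000a80425fb 000001ffffffffff; do
    printf 'mask %s: %s\n' "$m" "$(cap_verdict "$m")"
done

# Live check of the current process, when /proc is available.
if [ -r /proc/self/status ]; then
    live=$(current_cap_eff)
    printf 'this process (CapEff %s): %s, uid %s\n' \
        "$live" "$(cap_verdict "$live")" "$(id -u)"
fi
```

Run it inside the container under review: a verdict of `sys_module` together with uid 0 is exactly the combination the comment warns about, and the fix is to drop the capability at launch (for Docker, `--cap-drop` on `docker run`; a `--privileged` container keeps the full set).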