DEV Community

Mark0
Mark0

Posted on

Pandora’s Container Part 1: Unpacking Azure Container Security

This article explores the security landscape of Azure Container Services, focusing specifically on the attack surface of Azure Container Registries (ACR) and Container Instances (ACI). It highlights how common misconfigurations, such as enabled admin keys and excessive RBAC permissions like Contributor or AcrPush, can allow an attacker to steal proprietary images, inject backdoored containers, or hijack deployments through tag overwriting.

The author demonstrates advanced exploitation techniques, including modifying ACR Tasks to abuse managed identities for secret retrieval from Key Vaults. A significant portion of the guide is dedicated to a custom exfiltration method that embeds IMDS token theft directly into a Dockerfile's entrypoint. This approach bypasses common network restrictions that might block traditional reverse shells, allowing for successful credential harvesting and command execution via webhooks and ngrok tunnels.


Read Full Article

Top comments (0)