This is a follow up from the Custom Seccomp profile post which went through some of the background information. Speed up custom seccomp profile generation with Syscall2seccomp You can always manually track down the syscalls that your application makes, and build a custom seccomp profile for your Docker container, but I’ve created the tool syscall2seccomp that helps speed the profile building process up. It takes the output from sysdig or strace and converts it to a usable Docker profile. It’s up to you to customize it from there.

This post goes through building custom Docker seccomp profiles for your container. I’m not recommending you do this especially in enterprise environments, but I’m being charitable to the idea that system call filtering is the basis of a lot of sandboxing technologies and filtering out unnecessary ones should reduce the attack footprint of your application. This is more of an exploration of use-cases for custom Docker seccomp profiles than a suggestion that everyone does this themselves. Or simply to answer the question: “Why does Docker let you load custom seccomp profiles?”

This post goes into what tor’s onion service authentication features do, how they work, and when they should be used based on your threat model because I couldn’t find any other documentation about it besides reading the spec. “Stealth” only provides “stealthy” properties against malicious HSDirs and basic has some additional obfuscation measures that might make your service better protected. Onion Service Authentication Feature An onion/hidden service supports two types of built in authentication:

One of Docker’s many updates this year was adding seccomp support. In short, seccomp/secomp-bpf is a way of filtering the system calls that you want to allow an application to make. It’s used for sandboxing enforcement it a lot of projects including Chromium, bubblewrap, and SubgraphOS. In Docker, it’s enabled by default (in supported environments) and has a default profile that is fine, but there’s always ways to customize it. (Even you should never do this.)

I’ve written about [customizing PhantomJS to defend against fingerprinting]({{ ref “post/2015-05-18-browser-fingerprinting-attack-and-defense-with-phantomjs2015/05/18/browser-fingerprinting-attack-and-defense-with-phantomjs/” >}}) but I never really looked at what affect Selenium (the driver that control lots of different Browsers) has on the fingerprintability of say something like the Tor Browser Bundle. Some people at the Tor Project are looking into using tor-browser-selenium or the like to automate control of a Tor Browser instance. For tasks like trying to detect whether an exit is manipulating content to the user it would be useful to emulate exactly what a user’s experience would be with TBB.

Continuation from previous posts: 1 and 2 Website Fingerprinting Defenses at the Application Layer I like research projects on subjects that I feel have no hope. So here’s hoping for hope! This research is attempting to specifically defend onion services from being fingerprinted. The most common attack scenario is when an adversary is able to inspect the traffic between the tor client and the network and correlate the amount of traffic sent, to the size of known onion services. I believe this is a very accurate method of identifying the web pages an anonymous user visits.

Continuation from previous post: 1 Waterfilling: Balancing The Tor Network With Maximum Diversity This paper is proposing a new tor circuit path selection algorithm that makes bigger nodes run middle/relay traffic more often and smaller nodes more become exits exits. Apparently the talk included an abridged history of tor’s path selection: 2003: Uniform at random 2004: Introduce bandwidth weighting for performance 2005: add Guards based on Helper nodes 2010: add bandwidth weights to map node capacity into probability of use in different positions (guard, middle, exit) The main goal of this new algorithm is to make very large tor servers (which are a higher risk of being used in a traffic correlation attack because they serve a higher percentage of tor clients) serve more relay traffic, and less guard or exit traffic. Because, if you are going to correlate the traffic of a tor user, the most likely way to do this would be to correlate the traffic at the guard and at the exit and if you had a limited budget, why not target the biggest servers. Making much smaller nodes handle more exit traffic, it’s harder for an adversary to pull off an attack like this. In other words they would have to monitor a lot more systems in (hopefully) geographically disparate and difficult-to-access areas.

The annual Privacy Enhancing Technologies Symposium (PETS) 2017 is a privacy nerd’s dream and has always been on my list to attend. Unfortunately, I did not make it out to Minnesota to attend but all the papers are readily available online so yay, open access! These are my notes about some interesting research presented this year based on the papers that were released and the live tweets that Nick Mathewson was doing during the event.

Summary This blog post is going to show you how to go from exploiting a single container to gaining root on an entire cluster and all nodes. This is caused by a default flaw in the way Kubernetes manages containers. I’m doing a lot more container work at my day job – looking for container breakouts, container infastructure review, and orchestration technologies. I’ve been involved in a few Kubernetes reviews and talked with others in the company about it and there’s one vulnerability that seems to make it into almost every report and yet no one thinks it’s as important as the security folks. So I want to start a dialog.

If you’re like me and want to stand up a quick server that can response on all ports, here’s a quick way to do it. You’ll need a ton of memory to pull this off so setup your machine or VM accordingly. This works for nginx but you’ll have to go through some of the same steps for other services. Linux Ulimits Check current ulimits, hard limits, and soft limits on your current account: ulimit -n ulimit -Hn ulimit -Sn