Offensive Docker for CTF, Pentesting and Bug Bounty – VB
Offensive Docker
Offensive Docker is an image with the most used offensive tools to scan your targets and you can launch it easily locally or cloud. I chose docker technology because it allows me create an image and share publicly with the cybersecurity community and run multiples containers to analyze different targets.
The project repository is: Offensive Docker
How was it born?
When I began to learn offensive techniques I needed an environment with the most used tools to scan the targets in few minutes. So, the project provides:
– Portability
– Multiplatform
– Availability
Tools installed categories:
– Ports scanning
– Recon
– Wordlist
– Git repositories
– OWASP
– Brute Force
– Cracking
– OS Enumeration
– Exploits
– Windows
– Reverse shell
Programming languages:
– Go
– NodeJS
– Python
– Php
– Ruby
Services installed:
– Proxy squid.- to receive traffic from your browser or BurpSuite. It helps you to avoid geography restrictions to access to the targets.
– Openvpn.- to access to vpn network from platforms as Hackthebox or Tryhackme and practice offensive techniques.
Considerations:
There are some considerations to run the image, specifically to:
– VPN connections
– Store data
– Expose services
– Mount directories
Image customization
There are some tools where you need to customize the image, so I have created the next repo Docker Offensive Custom with the process to do a personal image with our private configurations like as:
– Use API Keys
– Store history commands.
– Alias or functions environment.
Virtual private server full automation
If you need to run the image in a cloud server I have create the next repo: Offensive Docker VPS to launch the image in Google Cloud Platform or Digital Ocean in a few minutes.
I have used tools like as: terraform and ansible to automate the tasks.
Speakers
Arsenio Aguirre
I am husband and dad. I have more than 10 years of experience in the cybersecurity field, being my expertise on Identity and Access Management. I have participated in different webinars talking about Json Web Token standard and how to use it to protect APIs. Currently I am immersed in offensive security, I am learning and practicing pentesting and web hacking and why not practice with bug bounty programs where we have real targets to exploit vulnerabilities.
Level 0, Red Team Village
Red Team
Beginner
Briefing 1hr
Docker,AppSec,Exploitation