Offensive Docker for CTF, Pentesting and Bug Bounty – VB

Offensive Docker
Offensive Docker is an image with the most used offensive tools to scan your targets and you can launch it easily locally or cloud. I chose docker technology because it allows me create an image and share publicly with the cybersecurity community and run multiples containers to analyze different targets.
The project repository is: Offensive Docker

How was it born?
When I began to learn offensive techniques I needed an environment with the most used tools to scan the targets in few minutes. So, the project provides:
– Portability
– Multiplatform
– Availability

Tools installed categories:
– Ports scanning
– Recon
– Wordlist
– Git repositories
– OWASP
– Brute Force
– Cracking
– OS Enumeration
– Exploits
– Windows
– Reverse shell

Programming languages:
– Go
– NodeJS
– Python
– Php
– Ruby

Services installed:
– Proxy squid.- to receive traffic from your browser or BurpSuite. It helps you to avoid geography restrictions to access to the targets.
– Openvpn.- to access to vpn network from platforms as Hackthebox or Tryhackme and practice offensive techniques.

Considerations:
There are some considerations to run the image, specifically to:
– VPN connections
– Store data
– Expose services
– Mount directories

Image customization
There are some tools where you need to customize the image, so I have created the next repo Docker Offensive Custom with the process to do a personal image with our private configurations like as:
– Use API Keys
– Store history commands.
– Alias or functions environment.

Virtual private server full automation

If you need to run the image in a cloud server I have create the next repo: Offensive Docker VPS to launch the image in Google Cloud Platform or Digital Ocean in a few minutes.
I have used tools like as: terraform and ansible to automate the tasks.

Speakers


Arsenio Aguirre


        KNOWLEDGE               Identity and Access Management - Single Sign On - Cloud Security - API        Security      
         Rest API - Containers - Version control system - Scripting      
        SKILLS               Auth0 - PingIdentity - Amazon Web Services - GSsuite - Jumpcloud      
         Terraform - Docker - NodeJS - Firebase - Git      

Friday Oct 30, 2020 - 04:15 PM CDT

Level 0, Red Team Village

Red Team

Beginner

Briefing 1hr

Docker,AppSec,Exploitation