VB – Offensive Docker for CTF, Pentesting and Bug Bounty

Offensive Docker
Offensive Docker is an image with the most used offensive tools to scan your targets and you can launch it easily locally or cloud. I chose docker technology because it allows me create an image and share publicly with the cybersecurity community and run multiples containers to analyze different targets.
The project repository is: Offensive Docker

How was it born?
When I began to learn offensive techniques I needed an environment with the most used tools to scan the targets in few minutes. So, the project provides:
– Portability
– Multiplatform
– Availability

Tools installed categories:
– Ports scanning
– Recon
– Wordlist
– Git repositories
– OWASP
– Brute Force
– Cracking
– OS Enumeration
– Exploits
– Windows
– Reverse shell

Programming languages:
– Go
– NodeJS
– Python
– Php
– Ruby

Services installed:
– Proxy squid.- to receive traffic from your browser or BurpSuite. It helps you to avoid geography restrictions to access to the targets.
– Openvpn.- to access to vpn network from platforms as Hackthebox or Tryhackme and practice offensive techniques.

Considerations:
There are some considerations to run the image, specifically to:
– VPN connections
– Store data
– Expose services
– Mount directories

Image customization
There are some tools where you need to customize the image, so I have created the next repo Docker Offensive Custom with the process to do a personal image with our private configurations like as:
– Use API Keys
– Store history commands.
– Alias or functions environment.

Virtual private server full automation

If you need to run the image in a cloud server I have create the next repo: Offensive Docker VPS to launch the image in Google Cloud Platform or Digital Ocean in a few minutes.
I have used tools like as: terraform and ansible to automate the tasks.

Speakers


Arsenio Aguirre


        KNOWLEDGE               Identity and Access Management - Single Sign On - Cloud Security - API        Security      
         Rest API - Containers - Version control system - Scripting      
        SKILLS               Auth0 - PingIdentity - Amazon Web Services - GSsuite - Jumpcloud      
         Terraform - Docker - NodeJS - Firebase - Git      

Friday Oct 30, 2020 - 04:15 PM CDT

Level 0, Red Team Village

Red Team

Beginner

Briefing 1hr

Docker,AppSec,Exploitation