topic What's in your Docker Registry? Secrets? in Tech Talk https://community.isc2.org/t5/Tech-Talk/What-s-in-your-Docker-Registry-Secrets/m-p/32085#M2165 <P>Containerized infrastructure applications have become the de facto standard for fast and easy deployment of security services and other enterprise tools. But something I noticed awhile back while pen testing was that you could discover a lot about the applications logic, configuration, and how it was built by pillaging through the image. I like to look for stored secrets <span class="lia-unicode-emoji" title=":winking_face:">😉</span> Researchers have taken that idea and scaled it so that you can search and pillage entire Docker Registries. If you are into Container security check out this <A href="https://research.nccgroup.com/2020/01/24/tool-release-enumerating-docker-registries-with-go-pillage-registries/" target="_blank" rel="noopener">tool</A>.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="docker registry.png" style="width: 256px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/3780i8DB27239434F8765/image-size/medium?v=v2&amp;px=400" role="button" title="docker registry.png" alt="docker registry.png" /></span></P> Mon, 09 Oct 2023 09:25:09 GMT AppDefects 2023-10-09T09:25:09Z What's in your Docker Registry? Secrets? https://community.isc2.org/t5/Tech-Talk/What-s-in-your-Docker-Registry-Secrets/m-p/32085#M2165 <P>Containerized infrastructure applications have become the de facto standard for fast and easy deployment of security services and other enterprise tools. But something I noticed awhile back while pen testing was that you could discover a lot about the applications logic, configuration, and how it was built by pillaging through the image. I like to look for stored secrets <span class="lia-unicode-emoji" title=":winking_face:">😉</span> Researchers have taken that idea and scaled it so that you can search and pillage entire Docker Registries. If you are into Container security check out this <A href="https://research.nccgroup.com/2020/01/24/tool-release-enumerating-docker-registries-with-go-pillage-registries/" target="_blank" rel="noopener">tool</A>.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="docker registry.png" style="width: 256px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/3780i8DB27239434F8765/image-size/medium?v=v2&amp;px=400" role="button" title="docker registry.png" alt="docker registry.png" /></span></P> Mon, 09 Oct 2023 09:25:09 GMT https://community.isc2.org/t5/Tech-Talk/What-s-in-your-Docker-Registry-Secrets/m-p/32085#M2165 AppDefects 2023-10-09T09:25:09Z