Hi [[ session.user.profile.firstName ]]

Inside a Docker Cryptojacking Exploit

Docker containers are often used to create developer sandbox environments. Because Docker containers can be lightweight, ephemeral infrastructure, they’re a natural fit for building sandboxes. While Docker is great at managing the lifecycle of these workloads, it’s not a security tool.

In this webinar, Ethan Hansen, Security Analyst for Threat Stack’s Cloud Security Operations Program, will discuss recently observed Docker exploit attempts from the field, where attackers were looking for web applications vulnerable to command injection. He’ll also provide examples of what to watch for in your logs, cryptojacking and container breakout attempts among them.
Recorded Nov 15 2018 30 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ethan Hansen, Threat Stack Security Analyst
Presentation preview: Inside a Docker Cryptojacking Exploit

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Inside a Docker Cryptojacking Exploit Recorded: Nov 15 2018 30 mins
    Ethan Hansen, Threat Stack Security Analyst
    Docker containers are often used to create developer sandbox environments. Because Docker containers can be lightweight, ephemeral infrastructure, they’re a natural fit for building sandboxes. While Docker is great at managing the lifecycle of these workloads, it’s not a security tool.

    In this webinar, Ethan Hansen, Security Analyst for Threat Stack’s Cloud Security Operations Program, will discuss recently observed Docker exploit attempts from the field, where attackers were looking for web applications vulnerable to command injection. He’ll also provide examples of what to watch for in your logs, cryptojacking and container breakout attempts among them.
  • How to Spend Your Security Budget in a DevOps World Recorded: Nov 8 2018 23 mins
    Mark Moore, Threat Stack Sr. Security Engineer, Kevin Durkin, CFO, and Natalie Walsh, Product Specialist
    Threat Stack’s latest report reveals that security budgets will increase by nearly 20% in the next two years - yet 96% of organizations believe they need more to be effective in keeping pace with devops.

    In this session, Threat Stack Security Engineer, Mark Moore, and CFO, Kevin Durkin, will discuss the current state of security processes and investments as organizations shift to the cloud. Learn how to build a scalable security program that fits your organization’s budget. Join us on November 8th at 1pm ET to learn more about:

    - Aligning your security budget with your most targeted threats
    - Minimizing risk introduced by development teams
    - Vendor evaluation processes for maximum ROI
  • Container Security: Taking a Layered Approach to Infrastructure Security Recorded: Oct 25 2018 48 mins
    Fernando Montenegro, 451 Research Senior Analyst and Security Technologist and Threat Stack's Nathan Cooprider
    Container technologies such as Docker and Kubernetes create massive efficiencies for operations teams, and are, importantly, fun for developers to use. The downside: more IP-addressable containers create greater attack surface for compromising host OS.

    As your containers live, die, and move around – it is important to take a holistic approach to securing each layer of cloud infrastructure. Tune in on October 25th at 1pm ET to hear from 451 Analyst and Threat Stack Security Engineer on:

    - Infrastructure trends and container primitives
    - Pinning down runtime container security
    - Mastering the container control plane and navigating Kubes
  • Inside an Enterprise Breach in a Public Cloud Environment Recorded: Oct 22 2018 46 mins
    Sam Bisbee, CSO, at Threat Stack
    With the visibility provided by the Threat Stack Cloud Security Platform®, the Threat Stack Security team has the unique ability to observe user, system and file trends across cloud infrastructure, to see how bad actors are attempting to exploit it. Over the past year, the team has observed strong evidence of increasing sophistication of public cloud attacks. Although simpler methods, like exploiting S3 buckets or utilizing mass botnet activity, are still popular as ever, attackers are increasingly using multi-step attacks to traverse infrastructure in search of sensitive customer information and company crown jewels.

    In this session, Threat Stack CSO Sam Bisbee will walk through the steps of a recent customer breach while discussing trends in the rising sophistication of public cloud actors and how to monitor your own infrastructure for these threats.
  • Build a DevSecOps Unicorn for the Cloud Recorded: Oct 4 2018 29 mins
    Martin Rues, CISO at Outreach
    The modern security professional is somewhat of a Unicorn – needing expertise in devops, security, and cloud infrastructure. Outreach’s CISO, Martin Rues, knew finding a candidate with the right combination of skill sets would be a time-consuming exercise with low yield.

    Despite not making a single security hire in 2017, Martin was able to tune down security alerts, achieve ISO27001 and SOC 2 Type 2 compliance, and develop a container security strategy all in the same year. Learn about Martin’s unique approach to coping with the security talent shortage by leveraging a Cloud SecOps program in this webinar on Thursday October 4th at 11am EST.
  • How to Build and Mature a SecOps Program in the Cloud Recorded: Jul 19 2018 40 mins
    Pete Cheslock, Threat Stack's Head of Ops and Pat Cable, Threat Stack's Sr. Infrastructure Security Engineer
    Scaling your business is hard, but scaling your business securely is even harder. While modern cloud infrastructure has fostered speed and innovation through DevOps, security still lags behind. When it comes to securing modern infrastructure, achieving your cloud security objectives should not mean sacrificing good operations principles for good security principles, or vice versa.

    In this webinar, Threat Stack’s Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable, will discuss what it takes to bring good security and good operations into alignment. They will offer practical advice to help you build and mature a cloud secops program for your Organization

    - Understand how cloud security differs from traditional, on premise security frameworks
    - Learn the five core SecOps principles that will help fortify your cloud infrastructure
    - Develop a comprehensive understanding of cloud secops best practices, including both technology and team management
  • How to Achieve Type 2 SOC 2 with Zero Exceptions Recorded: Jun 28 2018 46 mins
    Pete Cheslock, Threat Stack's Head of Ops and Pat Cable, Threat Stack's Sr. Infrastructure Security Engineer
    Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for us. However, rather than implementing stringent security protocols at every point of production, we made SOC 2 work for us – the Threat Stack way.

    Join Threat Stack’s Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable to hear about their joint SOC 2 journey and the innovations created along the way (including a Change Management tool called ‘SockemBot’).

    Key points:
    - The infamous SockemBot, ticketing workflows, and other SOC 2 innovations
    - Developer-approved (!) operational changes for code and ticket mapping
    - The benefits we get to reap now, beyond SOC 2 fame
  • Pick Any Three: Good, Fast, or Safe. DevOps from Scratch Recorded: Jun 26 2018 41 mins
    Pete Cheslock, Threat Stack’s Head of Ops
    If you ask ten people to define DevOps, you’ll likely get a dozen different answers. Somehow it’s 2018 and we still can’t agree on what DevOps is, only what it looks like. The truth is that successful DevOps implementations require hard work over long periods of time.


    DevOps at Threat Stack is a survival mechanism – it’s how we turn ideas into reality quickly and safely. Learn how we design our telemetry system to support useful, actionable metrics and the steps we take to level up our engineers, giving them the necessary accountability to truly own the applications they build.


    Tune in to learn concrete ideas you can take home to improve how work gets done within your organization including:

    - Engineering for rapid change
    - Measuring and optimizing system health
    - Making engineers accountable
  • T-72 Hours to Report a Breach: Are you GDPR Ready? Recorded: Feb 15 2018 44 mins
    Paul-Johan Jean, GDPR Legal Consultant at Sphaerist Advisory and Hank Schless, Product Marketing Manager at Threat Stack
    May 25th, 2018, the day that Europe’s General Data Protection Regulations (GDPR) comes into effect, is fast approaching. Many US companies are behind the curve in determining whether and how GDPR applies to them and figuring out what to do about it.

    Paul-Johan Jean, a GDPR legal consultant at Sphaerist Advisory, works with US companies to cut through the ambiguity and paralysis and get ready. Tune in on 2/15 at 1 PM EST to learn from this GDPR expert on how to:

    -Dispel myths around the new regulation
    -Take a practical, manageable and cost-effective approach to dealing with GDPR
    -Identify resources that can help you comply with various requirements, such as record keeping or data breach notification
  • 5 security questions your SaaS business should be prepared to answer in 2018 Recorded: Jan 30 2018 49 mins
    Sam Bisbee, CSO of Threat Stack
    Meltdown and Spectre are hitting headlines across the world – creating blurred lines between hype and the technical reality. As a SaaS company, your bottom line depends on the availability of your product, security of your customer data, and the trust of your customers - so you will rightfully have some tough questions about security. If you're a security, technology, or product leader, you’ll need to instill confidence that your business won’t suffer from the reputation damage or operational disruption as a result of the next big breach.

    In this webinar, you’ll hear from Sam Bisbee, CSO at Threat Stack, about the top 5 security questions your organization should be prepared to answer in 2018. Here are just some of the questions that will be answered:

    1. Are we protected against Spectre and Meltdown vulnerabilities?
    2. What is our plan to become GDPR compliant?
    3. Are we looking to become SOC2 compliant?
    4. … Tune in to learn more!
  • Lean Cloud Security: Your Guide to SecOps Efficiency in the Cloud Recorded: Dec 14 2017 42 mins
    Chris Gervais, VP of Engineering at Threat Stack, Sabino Marquez, CISO, at Allocadia
    You’re a security professional, or not, but sometimes get asked to sort of be one? You don’t have enough people, you don’t have enough budget, and you don’t have enough time. But you know that’s not an acceptable excuse now that we are all running fast in the cloud.

    Tune into our webinar to learn how you can make the most of your people, processes, and technology:
    - Despite security talent shortage, leverage your small team and other resources most effectively.
    - Make sure automated processes handle 99% of the noise, so you’re left to manage real threats.
    - Buy and manage the least amount of tools to do the most
All Things Security, Compliance, and Cloud
Threat Stack provides an integrated cloud intrusion detection platform that enables security and operations reduce cybersecurity risk and achieve compliance.

This channel is aimed at empowering security, IT, and devops professionals with intelligence on cloud security, compliance, and devsecops practices and considerations.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Inside a Docker Cryptojacking Exploit
  • Live at: Nov 15 2018 6:00 pm
  • Presented by: Ethan Hansen, Threat Stack Security Analyst
  • From:
Your email has been sent.
or close