Hands-on, cloud-based Container and Docker Security training. Two intensive days covering isolation fundamentals, breakout, image supply-chain attacks and hardening.
Containers run most modern DevOps workloads, but a misconfigured mount, an over-privileged container or a poisoned base image can give an attacker the host. This workshop walks through the real attack surface of container runtimes like Docker and Podman, and through the measures that reduce it. Every topic comes with a hands-on challenge in a ready-to-use cloud lab, so participants attack and defend real containers instead of only listening to theory.
The training follows the threats. Each module covers a specific container threat category, such as privilege escalation, container breakout, poisoned images, compromised secrets and denial of service, and then shows the matching hardening measure.
This is also directly relevant to running AI safely. Correct container isolation is part of hardening AI usage. When AI agents, LLM tooling or generated code run inside containers, proper isolation (no privileged containers, no insecure host mounts, dropped capabilities, enforced seccomp profiles) is what stops an untrusted or compromised workload from reaching the host. Weak isolation gives only the appearance of a sandbox; done correctly, it provides a reliable boundary for AI-driven workloads.
Format & Delivery
- Duration: 1 or 2 days (roughly 09:00 to 17:20 each day)
- Delivery: Instructor-led, hands-on, cloud-based lab with pre-provisioned VMs and a container registry. No local setup required.
- Style: Short input sessions followed by practical attack and defend challenges and joint debriefs
- Group: Small-group, interactive
Who Should Attend
- DevOps and platform engineers running containerised workloads
- Software developers building and shipping container images
- Security engineers and architects responsible for container and CI/CD security
- System administrators operating Docker hosts
Prerequisites
- Working knowledge of the Linux command line
- Basic familiarity with Docker (images, containers,
docker run,docker-compose) - No prior security experience required. The threat model is built up during the workshop.
What You Will Learn
- How container isolation works in practice (namespaces, the shared kernel, Linux capabilities, cgroups) and where it breaks
- How attackers achieve container breakout through insecure host mounts, privileged containers and host filesystem access
- How privilege escalation happens via root processes, dangerous capabilities and SETUID/SETGID binaries
- How to evaluate images for provenance, age and vulnerabilities, and scan for CVEs with current tooling
- How secrets leak through images, parameters and public exposure, and how to store them safely
- How supply-chain attacks trojanize images and plant reverse shells, and how signing and registry trust defend against them
- How denial-of-service attacks exhaust host CPU, RAM, filesystem and network resources, and how to contain them with limits and quotas
- How to harden containers with dropped capabilities and seccomp profiles, and how to baseline and detect against a known-good benchmark
- Why correct container isolation is part of hardening AI usage, providing a reliable sandbox boundary for AI agents, LLM tooling and AI-generated code
Tools You Will Use
Docker and docker-compose, buildah, skopeo, dive, Trivy, seccomp profiles, Linux capabilities, and a pre-built cloud attack and defend lab.
Agenda
Day 1: Foundations, Isolation and Breakout
- Welcome and lab setup: workshop goals, cloud lab and registry orientation
- DevOps and IT Security: the container threat landscape (overview of all threat categories)
- Container concepts refresher: images, runtime, registry, docker-compose
- Namespaces hands-on: Mount, Network and IPC isolation
- Shared kernel: Kernel features in containers
- User namespaces and Linux capabilities: root processes, NET_RAW, dropping capabilities
- Challenge: Rail Gun / Rail Gun Non-Root: breakout via insecure host-path volume mounts, with root-cause debrief
- Challenge: Ion Cannon / Mount Host Hard Disk: host filesystem access and privileged containers, with impact debrief
- SETUID/SETGID and daemon vulnerabilities: privilege escalation to the host
- Challenge: Image Evaluation: layers, provenance and base-image age using buildah, skopeo and dive
- Wrap-up and Q&A
Day 2: Images, Secrets, Denial of Service and Hardening
- Recap of Day 1
- Image vulnerabilities and CVE scanning: outdated and infected images
- Challenge: CVE scanning with Trivy / ShellShock: CVE-2014-6271 leading to RCE, defacement and network discovery
- Challenge: Wrong Secrets: several sub-challenges on secrets in images, parameters and public access, with safe-storage debrief
- Challenge: Trojanize an image: plant a reverse shell in a supply-chain attack, with provenance, signing and registry-trust debrief
- Challenge: Fragmentation and Smoke Bang Grenades: host resource exhaustion across network, filesystem, RAM and CPU, with limits, cgroups and quotas debrief
- Baseline and detection: benchmarking the Docker environment and forensic analysis (E-Web-Blaster)
- Hardening: Seccomp vs. Capabilities: dropping capabilities versus seccomp profiles
- Challenge: Force Pike: apply and test seccomp profiles and capability restrictions
Outcome
After two days, participants understand how container isolation works, can reproduce the main container attacks in a lab, and can apply the hardening measures that prevent them in production: capability dropping, seccomp, resource limits, image provenance and secret management.
Methodology
Learning by doing is one of the most important paradigms. More about the training methodology here.
Preparation
Participants each use a prepared training instance in the cloud. This means that there is no setup effort during the training! An SSH client such as Putty is required.
Prior knowledge of container technologies such as Docker is recommended, e.g. completion of the play-with-docker beginner training.
Containers are using existing Linux mechanisms, basic Linux knowledge is needed. Completion of Ryan’s Linux tutorial is recommended.
Trainer
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.
Arrange a free initial consultation

