Docker

Docker packages applications in lightweight containers.
Containers share the host kernel, so they are far more efficient than VMs (seconds to start, megabytes of overhead), making them ideal for tool deployment, testing environments, and CI/CD pipelines.

Containers vs VMs

VMs:
| App A | App B | App C |
| Guest OS | Guest OS | Guest OS |
| Hypervisor |
| Host OS |

Containers:
| App A | App B | App C |
| Docker Engine |
| Host OS (shared kernel) |

Key Docker Concepts

  • Image - Read-only template (like ISO or VM snapshot)
  • Container - Running instance of an image
  • Dockerfile - Recipe for building an image
  • Volume - Persistent storage (survives container restarts)
  • Network - How containers communicate
  • Registry - Image repository (Docker Hub, private registry)

Essential Commands

# Image management
docker pull ubuntu:latest        # Download image
docker images                     # List images
docker rmi image_name             # Remove image
docker build -t myapp:v1 .       # Build from Dockerfile

# Container management
docker run -it ubuntu bash       # Interactive container
docker run -d -p 80:80 nginx    # Detached with port mapping
docker ps                         # Running containers
docker ps -a                      # All containers
docker stop container_id          # Stop a running container
docker rm container_id            # Remove a stopped container
docker exec -it container bash   # Exec into running container

# Cleanup
docker system prune               # Remove stopped containers, unused networks, dangling images, build cache
docker system prune -a            # Nuclear cleanup: also removes every image not used by a container

Dockerfile Basics

FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
CMD ["python", "app.py"]

Docker for Security Work

# Quick Kali in Docker
docker run -it kalilinux/kali-rolling bash

# Metasploit in Docker
docker run -it metasploitframework/metasploit-framework bash

# Web testing environment
docker run -d -p 8080:80 vulnerables/web-dvwa

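# Network testing (container uses the host's network stack)
docker run -it --network=host alpine ping 8.8.8.8

# Malware analysis sandbox (no capabilities, no network; the host kernel is still shared)
docker run --rm -it --cap-drop=ALL --network=none ubuntu:latest bash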

Docker Compose for Multi-Container Setups

version: '3'
services:
  web:
    image: vulnerables/web-dvwa
    ports:
      - "8080:80"
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: password

Docker Security

  • Containers share the host kernel (a compromise can affect the host)
  • Root in a container is UID 0 on the host by default, since there is no user-namespace remapping (run as a non-root user with the --user flag)
  • Network isolation is namespaced (can be bridged to host)
  • Images can contain malware (verify sources)
  • Use --cap-drop=ALL for least privilege
  • Scan images with docker scan (replaced by docker scout in newer Docker releases)
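
To check running containers against the points above, the following added example (not part of the original notes) reads docker inspect JSON and flags containers that run as root, keep the default capabilities, or share the host network. It goes one step beyond the list by also flagging --privileged, which grants all capabilities regardless of --cap-drop. The container names and sample data are constructed.

```python
import json
import sys

# Constructed sample in the shape of `docker inspect` output, trimmed to the
# fields checked below. Container names and values are made up.
SAMPLE = json.dumps([
    {"Name": "/dvwa", "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge",
                    "CapDrop": None}},
    {"Name": "/scanner", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": True, "NetworkMode": "host",
                    "CapDrop": ["NET_RAW"]}},
    {"Name": "/sandbox", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "NetworkMode": "none",
                    "CapDrop": ["ALL"]}},
])


def audit(inspect_json):
    """Return {container_name: [findings]} for docker inspect JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        user = (c.get("Config") or {}).get("User") or ""
        findings = []
        # An empty user, "root", or UID 0 means the process runs as root.
        if user.split(":")[0] in ("", "root", "0"):
            findings.append("runs as root (set --user)")
        # CapDrop is null unless --cap-drop was passed on docker run.
        dropped = [cap.upper() for cap in (host.get("CapDrop") or [])]
        if "ALL" not in dropped:
            findings.append("default capabilities kept (use --cap-drop=ALL)")
        if host.get("Privileged"):
            findings.append("privileged mode")
        if host.get("NetworkMode") == "host":
            findings.append("shares host network namespace")
        report[c.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    # Real data: docker inspect $(docker ps -q) | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit(data).items():
        print(f"{name}: {'; '.join(findings) or 'ok'}")
```

An image's USER instruction also populates Config.User, so a container started without --user is reported as root only when the image itself defaults to root.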