Is my Docker container vulnerable to RDMA cgroup controller escape?
Containers that are running in privileged mode or with SYS_ADMIN capability may be vulnerable to a privilege escalation and container escape. This TTP attempts to mount the RDMA cgroup controller and configure the release_agent to execute an arbitrary script as the root user. It is important that containers are not running in privileged mode, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)