Docker containers that are running in privileged mode may be vulnerable to a container escape. This TTP checks whether the container is running in privileged mode by searching for the /dev/mem folder, which is normally only accessible while running in privileged mode. It is important that containers are not running in privileged mode, as they may mount the host filesystem, elevate privileges, and escape the container.
View Command
To view this TTPs command, you must be logged in with a professional or enterprise license.