Is my Docker container vulnerable to hostPID privilege escalation?

Containers that are running in privileged mode and have the hostPID flag enabled are vulnerable to a privilege escalation and container escape to the host system. This TTP attempts to use nsenter to enter the namespace of the init system process (PID 1) on the host to spawn a root shell. It is important that containers are not running in privileged mode, as adversaries may establish persistence by modifying mounted files, elevate privileges, and escape the container.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is my Docker container vulnerable to cgroup controller escapes?


Escape Docker container via cgroup controller.