Skip to content
/ TraceComp Public

Tool to capture containers syscalls and generate a Seccomp profile

License

Apache-2.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xSmiley/TraceComp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

121 Commits
Fuzzer
Fuzzer
 
 
Mitigation
Mitigation
 
 
PoC
PoC
 
 
Tracer
Tracer
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Thesis.pdf
Thesis.pdf
 
 
installs.txt
installs.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Tracer

Solution to capture all the syscalls generated by newly spawned containers and generate a Seccomp Profile whitelisting those captured syscalls.

Mitigation

If you have a working proof of concept you will be able to detect the syscalls that the exploit uses.

Fuzzer

Used to fuzz containers in order to increse the syscalls coverage.

Requirements:

  • Docker
  • Python3
  • Pip3
    • Docker
    • Grpcio
    • Grpcio-tools
    • Argparse

pip3 install -r requirements

PoCs:

PhpMail.
Nginx.
Apache.

Thesis

This project is the result of my thesis at the Information Security Master's Degree.
In case you need more information about this project, you can check out:

Thesis.

About

Tool to capture containers syscalls and generate a Seccomp profile

Topics

trace capture syscalls seccomp bcc seccomp-profile grpcio

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages