From 49692a384a9e1121e0ceddb00bb10a3a9bd1ac3a Mon Sep 17 00:00:00 2001 From: Jsn Yrty <90983337+tragulum@users.noreply.github.com> Date: Mon, 8 Jan 2024 16:57:38 -0500 Subject: [PATCH 1/2] Update abusing-container-registry.md Added additional info on the original research that predated LaVie's by 3 years. --- content/aws/exploitation/abusing-container-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/aws/exploitation/abusing-container-registry.md b/content/aws/exploitation/abusing-container-registry.md index 00d3e261e..cb7e6ea74 100644 --- a/content/aws/exploitation/abusing-container-registry.md +++ b/content/aws/exploitation/abusing-container-registry.md @@ -13,7 +13,7 @@ hide: --- - [Abusing Elastic Container Registry (ECR) to own AWS environments](https://medium.com/ironsource-tech-blog/abusing-elastic-container-registry-ecr-to-own-aws-environments-47534ad61729) by [Roi Lavie](https://medium.com/@roi.halawi) + [Abusing Elastic Container Registry (ECR) to own AWS environments](https://medium.com/ironsource-tech-blog/abusing-elastic-container-registry-ecr-to-own-aws-environments-47534ad61729) by [Roi Lavie](https://medium.com/@roi.halawi) and (https://medium.com/@mayankshah1607/docker-security-backdooring-images-with-dockerscan-ace5ff65bd39) by [Mayank Shah] for the original Dockerscan backdoor technique. - :material-shield-star:{ .lg .middle } __Required IAM Permissions__ From ec1e49631e7a451fa2971960e459d778a99fbf07 Mon Sep 17 00:00:00 2001 From: Nick Frichette <10386884+Frichetten@users.noreply.github.com> Date: Tue, 9 Jan 2024 16:55:49 -0600 Subject: [PATCH 2/2] Update abusing-container-registry.md Minor formatting change. --- content/aws/exploitation/abusing-container-registry.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/aws/exploitation/abusing-container-registry.md b/content/aws/exploitation/abusing-container-registry.md index cb7e6ea74..2a5a7a2bf 100644 --- a/content/aws/exploitation/abusing-container-registry.md +++ b/content/aws/exploitation/abusing-container-registry.md @@ -13,7 +13,8 @@ hide: --- - [Abusing Elastic Container Registry (ECR) to own AWS environments](https://medium.com/ironsource-tech-blog/abusing-elastic-container-registry-ecr-to-own-aws-environments-47534ad61729) by [Roi Lavie](https://medium.com/@roi.halawi) and (https://medium.com/@mayankshah1607/docker-security-backdooring-images-with-dockerscan-ace5ff65bd39) by [Mayank Shah] for the original Dockerscan backdoor technique. + - [Abusing Elastic Container Registry (ECR) to own AWS environments](https://medium.com/ironsource-tech-blog/abusing-elastic-container-registry-ecr-to-own-aws-environments-47534ad61729) by [Roi Lavie](https://medium.com/@roi.halawi) + - [Docker Security : Backdooring Images with Dockerscan](https://medium.com/@mayankshah1607/docker-security-backdooring-images-with-dockerscan-ace5ff65bd39) by [Mayank Shah](https://medium.com/@mayankshah1607) - :material-shield-star:{ .lg .middle } __Required IAM Permissions__