Cory Sabol

Cory Sabol is a consultant with a background in web development, web research, and machine learning research. He has several published academic research papers on user identification using WebID. In addition to web research he has conducted research work on botnet detection using machine learning. Cory has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals. He has developed the Harpoon open-source tool for fingerprinting and escaping containers, and led the development efforts on the Arrrspace containerized microservice training target. He also dabbles in video game development and video game related security.

Kubernetes Security – A Useful Bash One-Liner

Whether you’re an administrator, pentester, devop engineer, programmer, or some other IT person, chances are that you’ve heard of Kubernetes (k8s). If you’re a penetration tester like myself you may sometimes find yourself in odd situations involving k8s. One such situation is getting or being given super admin to a Kubernetes cluster, but you’re on …

Kubernetes Security – A Useful Bash One-Liner Read More »

Escaping the Whale: Things You Probably Shouldn’t Do With Docker (part 2)

This post is part 2 of a series of blog posts on container hacking. If you haven’t read the part1, you should check it out. Today I’m going to tell you about a new collection of scripts, and a lab VM for hacking containers. Both of these resources are currently works in progress, and are …

Escaping the Whale: Things You Probably Shouldn’t Do With Docker (part 2) Read More »

Escaping the Whale: Things you probably shouldn’t do with Docker (Part 1)

In this blog post, I won’t spend too much time explaining what Docker is and is not. You can do some research on your own if you want to learn more about Docker and containerization technology. Instead, I will show you but one simple way to possibly open your system up to a plethora security …

Escaping the Whale: Things you probably shouldn’t do with Docker (Part 1) Read More »

Scroll to Top