Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/container-technique

Name: container-technique
Author: aeondave

offensive-techniques/container-technique/SKILL.md

npx skillsauth add aeondave/malskill container-technique

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

container-technique

Goal: Exploit container environments (Docker, Kubernetes, LXC) to achieve host-level code execution, horizontal pod movement, or cluster takeover.

When this technique applies

You have gained a shell via Web RCE or SSH and notice .dockerenv, kubepods in cgroups, or specific mount patterns.
You have acquired compromised Kubeconfigs or Service Account tokens.

The Escape Workflow

1. Internal Reconnaissance

Determine the isolation boundaries.

Am I in a container?: ls -la /.dockerenv ; cat /proc/1/cgroup
What privileges do I have?: capsh --print (look for CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE).
Network mapping: Look for kube-dns or metadata endpoints (e.g. 169.254.169.254 or GCP/Azure equivalents).

2. Hunting for Escape Vectors

Exposed Docker Socket: ls -la /var/run/docker.sock. If writable, attach the host root filesystem to a new container.
Privileged Container: If fdisk -l lists host drives or capsh shows CAP_SYS_ADMIN, mount the host filesystem (e.g., mount /dev/sda1 /mnt) or load a malicious kernel module.
Cgroups Release Agent: If CAP_SYS_ADMIN is present, leverage the release_agent feature to spawn host processes.

3. Kubernetes Specifics

Service Account Tokens: Located at /var/run/secrets/kubernetes.io/serviceaccount/.
API Server Recon: Use curl -skH "Authorization: Bearer $TOKEN" https://$KUBERNETES_SERVICE_HOST/api/v1/namespaces/default/pods/
Kubelet / ETCD Unauthenticated Ports: Check if ports 10250 (kubelet), 10255 (kubelet readonly), or 2379 (etcd) are exposed internally without authentication.

Quality Gates

Do not break the pod: Kernel module injection and heavy cgroup manipulation can crash the container host. Perform checks first.
Proof of Action: Once you escape, immediately collect evidence of reaching the underlying host (e.g., cat /etc/shadow from the host mount) rather than deploying destructive backdoors.

References

references/privileged-escapes.md — Load when dealing with a container running with --privileged or CAP_SYS_ADMIN.

aeondave/container-technique

offensive-techniques/container-technique/SKILL.md

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4 stars

devops

Updated Jun 12, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill container-technique

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 12, 2026, 3:50 AM13.2s2 files scanned

SKILL.md

name:: container-technique
description:: Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

container-technique

Goal: Exploit container environments (Docker, Kubernetes, LXC) to achieve host-level code execution, horizontal pod movement, or cluster takeover.

When this technique applies

You have gained a shell via Web RCE or SSH and notice .dockerenv, kubepods in cgroups, or specific mount patterns.
You have acquired compromised Kubeconfigs or Service Account tokens.

The Escape Workflow

1. Internal Reconnaissance

Determine the isolation boundaries.

Am I in a container?: ls -la /.dockerenv ; cat /proc/1/cgroup
What privileges do I have?: capsh --print (look for CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE).
Network mapping: Look for kube-dns or metadata endpoints (e.g. 169.254.169.254 or GCP/Azure equivalents).

2. Hunting for Escape Vectors

Exposed Docker Socket: ls -la /var/run/docker.sock. If writable, attach the host root filesystem to a new container.
Privileged Container: If fdisk -l lists host drives or capsh shows CAP_SYS_ADMIN, mount the host filesystem (e.g., mount /dev/sda1 /mnt) or load a malicious kernel module.
Cgroups Release Agent: If CAP_SYS_ADMIN is present, leverage the release_agent feature to spawn host processes.

3. Kubernetes Specifics

Service Account Tokens: Located at /var/run/secrets/kubernetes.io/serviceaccount/.
API Server Recon: Use curl -skH "Authorization: Bearer $TOKEN" https://$KUBERNETES_SERVICE_HOST/api/v1/namespaces/default/pods/
Kubelet / ETCD Unauthenticated Ports: Check if ports 10250 (kubelet), 10255 (kubelet readonly), or 2379 (etcd) are exposed internally without authentication.

Quality Gates

Do not break the pod: Kernel module injection and heavy cgroup manipulation can crash the container host. Perform checks first.
Proof of Action: Once you escape, immediately collect evidence of reaching the underlying host (e.g., cat /etc/shadow from the host mount) rather than deploying destructive backdoors.

References

references/privileged-escapes.md — Load when dealing with a container running with --privileged or CAP_SYS_ADMIN.

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/cicd-technique

development

VerifiedTrustedCommunity

CI/CD supply chain methodology: identifying poisoned pipelines, unsafe GitHub Actions, and extracting build secrets.

4SKILL.mdUpdated Jun 12, 2026

aeondave/cicd-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-techniques/container-technique ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT