/TraceComp

Tool to capture container syscalls and generate a Seccomp profile

Primary language: C. License: Apache License 2.0 (Apache-2.0).

Solution that captures all the syscalls made by newly spawned containers and generates a Seccomp profile whitelisting those captured syscalls.

If you have a working proof of concept, you will be able to detect the syscalls that the exploit uses.

Used to fuzz containers in order to increase the syscall coverage.
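The capture-then-whitelist idea described above, and the comparison against a proof-of-concept run, as an added example that is not TraceComp's own code. It assumes strace-style trace lines (constructed here, since the page does not show the tool's trace format) and emits a profile in Docker's seccomp JSON format; the function names are hypothetical.

```python
import json
import re

# Constructed strace-style lines (not TraceComp output): a baseline run of a container.
BASELINE_TRACE = """\
execve("/usr/sbin/nginx", ["nginx"], 0x7ffd) = 0
openat(AT_FDCWD, "/etc/nginx/nginx.conf", O_RDONLY) = 3
read(3, "worker_processes 1;", 4096) = 19
[pid 17] accept4(6, 0x7ffc, [112], SOCK_NONBLOCK) = 7
[pid 17] write(7, "HTTP/1.1 200 OK", 15) = 15
[pid 17] close(7) = 0
--- SIGCHLD {si_signo=SIGCHLD} ---
"""
# Constructed trace of the same container while a proof of concept runs against it.
POC_TRACE = """\
[pid 17] accept4(6, 0x7ffc, [112], SOCK_NONBLOCK) = 7
[pid 17] read(7, "POST / HTTP/1.1", 1024) = 15
[pid 17] clone(child_stack=NULL, flags=SIGCHLD) = 42
[pid 42] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid 42] connect(3, {sa_family=AF_INET}, 16) = 0
"""
# Optional "[pid N] " prefix, then the syscall name up to "(".
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?([a-z_][a-z0-9_]*)\(")

def syscalls_in(trace):
    """Return the set of syscall names in a trace, skipping signal lines."""
    return {m.group(1) for line in trace.splitlines() if (m := SYSCALL_RE.match(line))}

def build_profile(names):
    """Docker seccomp profile: deny by default, allow only the observed names."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64"],
        "syscalls": [{"names": sorted(names), "action": "SCMP_ACT_ALLOW"}],
    }

def outside_profile(profile, trace):
    """Syscalls seen in the trace that the profile would not allow."""
    allowed = {n for rule in profile["syscalls"]
               if rule["action"] == "SCMP_ACT_ALLOW" for n in rule["names"]}
    return sorted(syscalls_in(trace) - allowed)

if __name__ == "__main__":
    profile = build_profile(syscalls_in(BASELINE_TRACE))
    print(json.dumps(profile, indent=2))
    print("not in baseline:", outside_profile(profile, POC_TRACE))
```

A profile written to a file this way can be loaded with `docker run --security-opt seccomp=<file>`. It only allows what the baseline trace exercised, which is why trace coverage matters before enforcing it.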

Requirements:

  • Docker
  • Python3
  • Pip3
    • Docker
    • Grpcio
    • Grpcio-tools
    • Argparse

pip3 install -r requirements

PoCs:

PhpMail.
Nginx.
Apache.

Thesis

This project is the result of my thesis at the Information Security Master's Degree.
In case you need more information about this project, you can check out:

Thesis.