Container security, DevOps, Security Research

Drobo Exploit, Docker Escape, SMBv3.11 – PSW #644

March 23, 2020

SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, WordPress, Apache Struts Attract the Most Bug Exploits, Run Docker nginx as Non-Root-User.

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Drobo Exploit, Docker Escape, SMBv3.11

Scan for SMB 3.11: nmap -p445 --open --script smb-protocols -Pn -n | grep -P 'd+.d+.d+.d+|^|.s+3.11' | tr 'n' ' ' | sed -e 's/Nmap scan report for/n/g; s/|//g; s/_//g'

WordPress, Apache Struts Attract the Most Bug Exploits - We have the tools and processes to fix this already, but many organizations don't do it, therefore I somewhat disagree with these statements: Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches.

Run Docker Nginx as Non-Root-User - In Docker, this is a problem as it means the container will drop you into root-level privileges by default for a shell (exploit or with docker exec -ti). So, for Docker, make sure you change this as the Docker Hub image for Nginx runs as root! They should really change this.


[caption id="attachment_210" align="alignleft" width="120"]Jeff Man Jeff Man - Sr. InfoSec Consultant[/caption] [caption id="attachment_210" align="alignleft" width="120"]Joff Thyer Joff Thyer - Security Analyst[/caption] [caption id="attachment_210" align="alignleft" width="120"]Larry Pesce Larry Pesce - Senior Managing Consultant and Director of Research[/caption] [caption id="attachment_210" align="alignleft" width="120"]Lee Neely Lee Neely - Senior Cyber Analyst [/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption]



  • Register for our upcoming webcasts and virtual trainings by visiting selecting the webcast/training drop down from the top menu bar and clicking registration. In our first virtual training with Online Business Systems you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. In our next webcast with Gravwell, we will cut through the marketing buzzwords and teach you about collecting & analyzing logs in hybrid cloud environments.
  • CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!
  • SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!
  • InfoSecWorld 2020 was originally scheduled for March 30 - April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

[audio src=""]

prestitial ad