Join us at hack.lu 2025 — Info & Registration
Duration: 30 min
Type: Talk
Speakers: Bogdan Trufanda, Mihai Vasilescu
Abstract
This presentation focuses on container security, particularly addressing the tactics, techniques, and procedures (TTPs) used by cybercrime groups like TeamTNT to exploit container vulnerabilities. The presentation starts with container security fundamentals and common misconfigurations, followed by an examination of TeamTNT’s malware, C2 infrastructure, and evolution. Attendees will learn best practices for hardening container environments and the significance of runtime security and continuous monitoring. The talk is intended for security practitioners, DevOps engineers, and IT professionals seeking to improve their understanding of real-world container security threats and mitigation strategies. Actionable recommendations for enhancing container security posture will be provided.
Description
Container technologies have revolutionized application deployment and scalability, but they’ve also introduced new attack surfaces for threat actors. This presentation delves into the tactics, techniques, and procedures (TTPs) employed by some of the notorious cybercrime groups, such as TeamTNT, in exploiting container vulnerabilities.
We’ll begin with an overview of container security fundamentals and common misconfigurations. We’ll demonstrate how TeamTNT has evolved their tactics over time, adapting to improved security measures and expanding their target scope. Attendees will gain insights into:
TeamTNT’s malware and C2 infrastructure
Best practices for hardening container environments against similar attacks
The importance of runtime security and continuous monitoring in containerized environments
This talk is aimed at security practitioners, DevOps engineers, and IT professionals looking to deepen their understanding of real-world container security threats and mitigation strategies.
The presentation will provide actionable recommendations for security professionals to enhance their container security posture and stay ahead of emerging threats in this domain.
