Let's code together!

We're a growing, remote first engineering team. We are responsible for every aspect of building, running and securing our market leading, cloud native payment processing platform. In this space, you can learn more about us, our work, as well as catch up with our latest events.

Exploiting Distroless Images

An abuse of functionality in the OpenSSL binary, installed in the official Google Container Tools Distroless Base container image, allows for command execution and arbitrary file read and write on distroless containers. By abusing the enc functionality in the OpenSSL binary it is possible to read and write to the filesystem using the -in and -out options and combining the write to the filesystem capability with the engine functionality that allows us to load shared libraries, it is possible to obtain command execution by uploading and loading malicious library.

Keen to learn more about us?

Follow our engineering account on Twitter!