2025-10-21 –, Europe
This presentation focuses on container security, particularly addressing the tactics, techniques, and procedures (TTPs) used by cybercrime groups like TeamTNT to exploit container vulnerabilities. The presentation starts with container security fundamentals and common misconfigurations, followed by an examination of TeamTNT's malware, C2 infrastructure, and evolution. Attendees will learn best practices for hardening container environments and the significance of runtime security and continuous monitoring. The talk is intended for security practitioners, DevOps engineers, and IT professionals seeking to improve their understanding of real-world container security threats and mitigation strategies. Actionable recommendations for enhancing container security posture will be provided.
Container technologies have revolutionized application deployment and scalability, but they've also introduced new attack surfaces for threat actors. This presentation delves into the tactics, techniques, and procedures (TTPs) employed by notorious cybercrime groups, such as TeamTNT, in exploiting container vulnerabilities.
We'll begin with an overview of container security fundamentals and common misconfigurations. We'll demonstrate how TeamTNT has evolved their tactics over time, adapting to improved security measures and expanding their target scope. Attendees will gain insights into:
TeamTNT's malware and C2 infrastructure
Best practices for hardening container environments against similar attacks
The importance of runtime security and continuous monitoring in containerized environments
This talk is aimed at security practitioners, DevOps engineers, and IT professionals looking to deepen their understanding of real-world container security threats and mitigation strategies.
The presentation will provide actionable recommendations for security professionals to enhance their container security posture and stay ahead of emerging threats in this domain.
Bogdan Trufanda is a Threat Hunter in CrowdStrike's Cloud Runtime Security Team.
Bogdan is responsible for gathering actionable application and security intelligence for CrowdStrike products, specialising in gathering Threat Intelligence and researching exploitation techniques involving containers and the cloud space.
Mihai Vasilescu is a Threat Hunter in CrowdStrike's Cloud Runtime Security Team.
Mihai's expertise lies in gathering Threat Intelligence on recent botnets and network attack exploitation techniques, including malware analysis and botnet tracking.