Aqua Blog

Dynamic Container Analysis

Container Security

Threat Alert: TeamTNT is Back and Attacking Vulnerable Redis Servers

Over the past few weeks, TeamTNT grabbed headlines after launching several novel attacks against cloud native infrastructure. In response, Docker Hub decided to remove TeamTNT’s malicious images from its community and deleted the user 'Hildeteamtnt.' But just a few days later, TeamTNT reemerged with a catchy logo …

Continue reading ›

Uncover Malware Payload Executions Automatically with Tracee

We have some exciting news about two new features in Tracee, Aqua’s open source container and system tracing utility. Now, Tracee is much more than just a system call tracer, it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when …

Continue reading ›
DzMLT Threat Alert

Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers

Following an attack against a misconfigured Docker API port, the research team at Aqua Security performed an in-depth examination of the Docker Hub account from which the image was pulled. The examination was done by dynamically scanning for hidden threats in the container images hosted in that specific Docker Hub …

Continue reading ›
Dynamic Container Analysis

Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks

This blog was co-written with Idan Revivo, head of Aqua's cyber research team

Container images are a growing path for external code to enter an organization. Docker has simplified image workflow in order to encourage adoption by developers, so anyone can pull and run images that were built and pushed to Docker Hub, …

Continue reading ›