Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report › Compromise Trusted Linux Processes and Containers

This step-by-step technical guide highlights the capabilities of, a code injection tool used to compromise Linux processes and containers.

Imagine a scenario where container-level endpoint security is part of a larger overall strategy to protect sensitive data in containers from users with administrator access to the Linux systems that host those containers. In an ideal world, the IT staff would have access to manage the overall system but would somehow be prevented from accessing the actual data. However, in reality, penetration testers recognize the dangers of accessing the sensitive data by manipulating the container processes from the host level regardless of how secure the endpoint protection strategy actually is.

With, penetration testers have a helpful tool to understand attack scenarios against Linux-trusted processes and containers. By injecting arbitrary binary code via the Linux process filesystem (procfs) interface, pen testers can compromise trusted processes demonstrating critical flaws in security strategies intended to keep sensitive data hidden from unauthorized users.

In this technical guide, you will learn:

  • Why was created
  • How to use for pen testing
  • The results of using on a real-world problem

Ben Lincoln Headshot Managing Senior Security Consultant Bishop Fox

About the author, Ben Lincoln

Managing Principal

Ben Lincoln is a Managing Principal at Bishop Fox and focuses on application security. He has extensive experience in network penetration testing, red team activities, white-/black-box web/native application penetration testing, and exploit development. Prior to joining Bishop Fox, Ben was a security consultant with NCC Group, a global information assurance consulting organization. He also previously worked at a major retail corporation as a senior security engineer and a senior systems engineer. Ben delivered presentations at major security conferences, including "A Black Path Toward the Sun" at Black Hat USA 2016. Ben is OSCP-certified and has released several open-source exploit tools.

More by Ben

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.