TeamPCP v21: Inside a 45-Second Docker Escape to Multi-Persistence Cryptojacking
Docker exposes a management interface, the Docker daemon API, that lets you create, start, and control containers. When it is accidentally published to the internet with no authentication, anyone who can reach that port can take over the host underneath it. We watched a fully automated toolkit do exactly that in about 45 seconds.