01 Blast radius

Trigger a payload, watch the neighbor

Customer Live View


Latency is sampled by the customer-traffic sidecar hitting the neighbor victim-checkout. Even when the attacker lab steals CPU or memory, this signal originates from a separate container so blast radius is observable end-to-end.

Baseline exploit chain

Demo setup and recovery (repeatable)

Prepare mock customers, verify default Docker evidence, and reset chaos payloads without leaving the browser.

B0 Command Injection RCE (star demo)

A diagnostic endpoint passes input to ping through the shell. CVE-backed pattern: TP-Link CVE-2023-1389, Cisco CVE-2023-20231, Palo Alto CVE-2024-3400, and Ivanti CVE-2024-21887.
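
The B0 pattern beside a hardened form, as an added example that is not the lab's own code: the weak version splices the field into a shell string, the hardened version validates the target and passes a fixed argv with no shell. All function names and the sample inputs are hypothetical and constructed for illustration; the `--` separator assumes a getopt-based ping.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, inner hyphens. Shell metacharacters cannot match.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def shell_string(target: str) -> str:
    """Weak pattern from the B0 description: input spliced into a shell line.
    Returned for inspection only; nothing here executes it."""
    return f"ping -c 1 {target}"


def validate_target(target: str) -> str:
    """Accept an IP literal or a plain hostname; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    labels = target.rstrip(".").split(".")
    # fullmatch (not match with $) so a trailing newline cannot slip through.
    if len(target) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"rejected ping target: {target!r}")
    return target


def ping_argv(target: str) -> list[str]:
    """Fixed argv; "--" ends option parsing so the target is never read as a flag."""
    return ["ping", "-c", "1", "--", validate_target(target)]


def run_ping(target: str) -> int:
    """Hardened handler body: no shell, list argv, bounded runtime."""
    done = subprocess.run(ping_argv(target), shell=False, capture_output=True, timeout=5)
    return done.returncode


# Constructed sample values for the diagnostic field.
SAMPLES = ["127.0.0.1", "victim-checkout", "127.0.0.1; id", "-f", "$(id)", "host\n"]


def classify(samples=SAMPLES) -> dict[str, bool]:
    """Map each sample to True when the hardened path accepts it."""
    verdicts = {}
    for sample in samples:
        try:
            ping_argv(sample)
            verdicts[sample] = True
        except ValueError:
            verdicts[sample] = False
    return verdicts
```

Rejected values are worth logging with the caller's identity, since a metacharacter in a ping target is rarely accidental.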

B1 Bind Mount Ownership

Write a harmless marker into /app/uploads. On the Linux host it appears as UID/GID 0:0 because userns remap is off.

B2 Dump App Data

Simulate malware-style collection: sample customer files, invoice files, and reachable Postgres rows from the compromised app network.

B3 App Data Ransomware

Encrypt 200 mock customer files with a reversible payload. This is the honest impact: total app/data compromise without claiming host shell.

Baseline customer

Probe victim-checkout directly to confirm the neighbor service is healthy before pressure payloads run.

Dokuru Namespace & Cgroup Lab
Run only on a disposable lab host. Endpoints intentionally expose shell execution and resource pressure.