Can an intruder use a Docker Desktop installation to run the keyboard or other capture (audio / video, network) on a Windows 10 system?

I am not looking for a tutorial for a feat.

"LostVicking" in a Docker forum post seems to be trying to mount its webcam device in a Docker container, but it is unsuccessful:

Is it possible to forward the webcam video to an image that can be coupled from Windows
10? I have seen the same question for Linux and the solution seems
be to use:

docker run –privileged -v / dev / video0: / dev / video0

Is there any similar trick when I am running Docker on Windows 10?
Presumably, isn't there an equivalent mount point that can be linked?

This made me wonder if Docker Desktop could facilitate the installation of the keyboard capture or other capture (audio, video, network), either by an adversary user with physical access to a shared machine (university computer lab, cyber café) or an intruder online. Or can Windows USB devices not be shared with Docker containers through Docker Desktop?

it's possible?

Is there an obvious countermeasure besides uninstalling Docker Desktop?

Obviously, someone with physical access to a Windows machine can install native Windows malware. This question implies whether Docker Desktop adds an additional, less monitored vector.

Bitcoin Core: what happens if an intruder modifies the scriptSig to get the same hashMerkleRoot from a block?

I guess you mean scriptPubKey In the exits of the coinbase transaction.

Assuming that what you are describing is popularly known in cryptography as a collision. If you can find two different texts in such a way that they both produce identical hashes, then you will have a collision. If you change the scriptPubKey in the output of the coinbase transaction, assuming no collision occurs, the txid and therefore change the merkleroot, which in turn would change the block header hash.

The SHA-256 algorithm generates 32 bytes, which means that there is a total of 2 ^ 256 (or 10 ^ 77 combination). SHA256 is a one-way mathematical function, as a result, you will have to use brute force to produce hash similar to the previous one. Executing that type of brute force is not only computationally impossible, but also impossible due to the energy it consumes (verify this).

web application – How do I extract the data from the response and use it in the URL for the next request in Burp Intruder?


When the previous url is requested, an answer comes with < a > tag that contains a new URL with different session values ​​like:

As you can see, the value of the session has changed and has changed in each request.

So, my question is, how can I use the Burp intruder to make repeated requests?

The workflow must be:

Burp> request sent> get response> take url or response session value> send request with session value updated in url> loop continues.