Mark Manning
@antitree.com
Process isolationist, k8s hacker, ᴎo-prem pusher, syscall denier, container liberator
🔸Chainguard - Product Security
🔸Rochester 2600, IOIOIO Security
🔸Former: Snowflake, NCC Group, Hackerspace starter, BSidesROC Founder
🔸Chainguard - Product Security
🔸Rochester 2600, IOIOIO Security
🔸Former: Snowflake, NCC Group, Hackerspace starter, BSidesROC Founder
This was 2600 meeting last night. It's getting overwhelming when you look closely
October 4, 2025 at 4:40 PM
This was 2600 meeting last night. It's getting overwhelming when you look closely
An answer to everyone's question: "What if a Linux syscall was an anthropomorphic action figure?"
August 24, 2025 at 8:55 PM
An answer to everyone's question: "What if a Linux syscall was an anthropomorphic action figure?"
Catching @bouncyhat.bsky.social 's talk in track 4. Pretty excited
August 8, 2025 at 6:20 PM
Catching @bouncyhat.bsky.social 's talk in track 4. Pretty excited
All I can say is I worked very hard to angle myself into a position to receive one of these today. Thanks @bsidesbuffalo.bsky.social
June 8, 2025 at 1:31 AM
All I can say is I worked very hard to angle myself into a position to receive one of these today. Thanks @bsidesbuffalo.bsky.social
Starting my talk for @bsidesbuffalo.bsky.social
June 7, 2025 at 2:59 PM
Starting my talk for @bsidesbuffalo.bsky.social
Just a Friday night with containers, seccomp profiles, and LLMs at @roc2600.bsky.social
June 7, 2025 at 1:03 AM
Just a Friday night with containers, seccomp profiles, and LLMs at @roc2600.bsky.social
Going back to CVE-2019-5736 for a true container 0day for a demo at @bsidesbuffalo.bsky.social next month.
Seccomp will save us right?
Seccomp will save us right?
May 9, 2025 at 1:07 AM
Going back to CVE-2019-5736 for a true container 0day for a demo at @bsidesbuffalo.bsky.social next month.
Seccomp will save us right?
Seccomp will save us right?
It was a great week at @chainguard.bsky.social when I found out I work with the person that wrote Crane and he pointed me at some fun registry security hints.
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
April 19, 2025 at 1:06 AM
It was a great week at @chainguard.bsky.social when I found out I work with the person that wrote Crane and he pointed me at some fun registry security hints.
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here's a preview of an update I'm working on to autodiscover whiteout files in registry images
Here are my slides from @bsidesreykjavik.com.
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
March 19, 2025 at 12:46 PM
Here are my slides from @bsidesreykjavik.com.
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
* Backdooring a container image (Vault)
* Exfiltrate secrets via DNS
* Update to pillage registry tool (originally created by Josh Makinen)
www.canva.com/design/DAGgr...
Excited to be at @bsidesreykjavik.com. I have some guilt that I am missing my hometown B-Sides ROC for the first time ever though which is also today but I can't resist Iceland.
March 19, 2025 at 8:24 AM
Excited to be at @bsidesreykjavik.com. I have some guilt that I am missing my hometown B-Sides ROC for the first time ever though which is also today but I can't resist Iceland.
As expected, Reykjavik is still pretty cool. My @bsidesreykjavik.com is tomorrow morning bright and early so laying low tonight and appreciating the scenery
March 18, 2025 at 12:10 PM
As expected, Reykjavik is still pretty cool. My @bsidesreykjavik.com is tomorrow morning bright and early so laying low tonight and appreciating the scenery
Idk how many people I've shown K9s to now but everyone has the same reaction - what is that and give it to me!
I wish I had time to hack in some of the cool Chainguard debugging tools though
I wish I had time to hack in some of the cool Chainguard debugging tools though
March 17, 2025 at 6:30 PM
Idk how many people I've shown K9s to now but everyone has the same reaction - what is that and give it to me!
I wish I had time to hack in some of the cool Chainguard debugging tools though
I wish I had time to hack in some of the cool Chainguard debugging tools though
My prize possession. A gift from @neutrino.bsky.social who is adding 3d printing to his list of expertises
January 13, 2025 at 3:11 PM
My prize possession. A gift from @neutrino.bsky.social who is adding 3d printing to his list of expertises
How I brought in 2025. Happy new year! See you at Shmoo.
January 1, 2025 at 5:05 AM
How I brought in 2025. Happy new year! See you at Shmoo.
Years ago I built this custom magnetic poetry set to come up with future vulnerability names.
Anyone interested in a pack?
Anyone interested in a pack?
December 13, 2024 at 4:11 PM
Years ago I built this custom magnetic poetry set to come up with future vulnerability names.
Anyone interested in a pack?
Anyone interested in a pack?
I just learned that part of the XZ incident, the attacker disabled Landlock, thE application sandboxing LSM (that I keep hoping grabs more use cases)
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
November 12, 2024 at 1:25 AM
I just learned that part of the XZ incident, the attacker disabled Landlock, thE application sandboxing LSM (that I keep hoping grabs more use cases)
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
1. I didn't think Landlock was that widely adopted at the app level
2. Surprised that XZ could meaningfully use it for such a low level function
I don't always buy lock picks IRL but when I do, it's from an unmarked warehouse that only accepts cash. 10/10, loved visiting Peterson Manufacturing in Rochester today for a local pickup.
November 8, 2024 at 12:14 AM
I don't always buy lock picks IRL but when I do, it's from an unmarked warehouse that only accepts cash. 10/10, loved visiting Peterson Manufacturing in Rochester today for a local pickup.
Rochester 2600 meeting this week. See you at 7pm on Friday at RIT for another interesting set of discussions for nerds and non-nerds a like.
www.rochester2600.com/meetings/202...
www.rochester2600.com/meetings/202...
October 29, 2024 at 4:24 PM
Rochester 2600 meeting this week. See you at 7pm on Friday at RIT for another interesting set of discussions for nerds and non-nerds a like.
www.rochester2600.com/meetings/202...
www.rochester2600.com/meetings/202...