Remove tools from container images

Info

ID: MS-M9012
MITRE mitigation: M1042

Attackers often use executables that are already present in the image to run their malicious code. Removing unused executables from the image filesystem can prevent such activity. Executables commonly used in malicious activity include sh, bash, curl, wget and chmod, among others.

Techniques Addressed by Mitigation

| ID | Name | Use |
|---|---|---|
| MS-TA9007 | Bash or Cmd inside container | Remove bash and other terminals from container images. |
| MS-TA9039 | Resource hijacking | Remove unused tools from the container image. |
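
One way to check that an image meets the mitigation described above, as an added example that is not part of the original page: the script scans an unpacked image root filesystem (for example, the tar stream from `docker export` extracted into a directory) for the executables named in the text. The directory list and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an unpacked image root filesystem for leftover tools.
# DEFAULT_TOOLS is the list named in the page text; BIN_DIRS and the
# function names are assumptions of this example.
DEFAULT_TOOLS="sh bash curl wget chmod"
BIN_DIRS="bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin"

# Print every listed tool found under ROOTFS, one image path per line.
# Usage: find_image_tools ROOTFS [tool ...]
find_image_tools() {
    rootfs=${1%/}; shift
    # No tools given on the command line: fall back to the default list.
    [ "$#" -gt 0 ] || set -- $DEFAULT_TOOLS
    for dir in $BIN_DIRS; do
        # Skip merged-/usr symlinks (bin -> usr/bin) to avoid duplicate hits.
        [ -d "$rootfs/$dir" ] && [ ! -L "$rootfs/$dir" ] || continue
        for tool in "$@"; do
            p="$rootfs/$dir/$tool"
            # A symlink counts even when its target does not resolve on the
            # host: BusyBox-style images expose sh, wget, chmod as links.
            if [ -L "$p" ] || { [ -f "$p" ] && [ -x "$p" ]; }; then
                echo "/$dir/$tool"
            fi
        done
    done
    return 0
}

# Return 0 when no listed tool remains, 1 otherwise (after printing the
# findings), so the check can gate an image build pipeline.
# Usage: audit_image_rootfs ROOTFS [tool ...]
audit_image_rootfs() {
    found=$(find_image_tools "$@")
    [ -z "$found" ] && return 0
    echo "$found"
    return 1
}
```

Source the file and call `audit_image_rootfs /path/to/unpacked/rootfs`; pass extra tool names after the path to extend or replace the default list.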