
Show HN: Timemachine, create vulnerable Docker images for security experiments - pmcao
https://github.com/CSLDepend/timemachine
======
pmcao
Timemachine is a tool that constructs a Docker image of a Debian base system
at any date in the past. For example, if you want to study the glibc bug
(CVE-2015-7547), you can't simulate the attack by pulling a Docker image and
run the exploit because most distros have been patched by now. Using
timemachine, you can roll back to any date in the past, where the glibc
library has not been patched and run a corresponding Docker image for
experiments. Timemachine uses Debian snapshot repository to make sure you can
install a specific package version and its corresponding dependencies.

Timemachine is a part of a security testbed that we are developing. We have
created container images of recent attacks in our repo, e.g.,
[https://github.com/CSLDepend/itestbed/tree/master/repo/mitm/...](https://github.com/CSLDepend/itestbed/tree/master/repo/mitm/CVE-2015-7547)

If anyone is interested in developing such testbed for reproducible security
experiments, let me know @pmcao

