Container escape techniques TL;DR: Capability gifts, mounted docker.sock, release_agent, kernel CVEs, runc-class bugs. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/index.html