Containers aren’t tiny fortresses. They’re leaky rowboats unless you know what you’re doing. This hands-on workshop demystifies container security layer by layer, showing how real-world missteps in runtime, image, and host configurations open doors to escapes, persistence, and lateral movement. We’ll dissect how containers actually work, walk through common isolation failures, and demonstrate how attackers exploit weak assumptions. Whether you’re building, securing, or regulating containerized apps, you’ll leave with a threat model, practical tools, and maybe a new trick or two for _literally_ popping out of the box.