Topics
Reference materials covering offensive and defensive Kubernetes security techniques
View:
defensive
Disable Automatic Mounting of Default Service Account Tokens
Preventing token theft by controlling service account token mounting
defensive
Hiding Services from Enumeration
Preventing internal service discovery by disabling automatic injection of service environment variables
offensive
Internal Cluster Discovery
Techniques for discovering available services, APIs, and potential attack vectors within a Kubernetes cluster
offensive
Orphan Pod Masquerading
Creating orphan pods that mimic controller-managed naming conventions to blend in with legitimate workloads
offensive
ServiceAccount Token Theft
Techniques for obtaining ServiceAccount tokens using legitimate Kubernetes features without exploiting vulnerabilities
offensive
Weaponizing Pod Creation Access
How pod creation permissions can be leveraged to escalate privileges and escape to the underlying node
No topics found matching your search.