| Basic Kubernetes Privilege Escalation |
- Let's say you got a reverse shell from a process running in a Kubernetes environment
- This guide details the basic steps you can take to escalate your privileges within Kubernetes
|
| Bad Pods: Kubernetes Pod Privilege Escalation |
- What are the risks associated with overly permissive pod creation in Kubernetes?
- 8 insecure pod configurations and the corresponding methods to perform privilege escalation
- See also the companion badPods repository
|
| GKE Kubelet TLS Bootstrap Privilege Escalation |
- Privilege escalation with Kubelet TLS bootstrapping in Google Kubernetes Engine
- Starting with compromised CGP credentials, then stole TLS Bootstrap credentials by listing Compute Engine instances, generated and submitted CSRs, acted as worker nodes, stole secrets and gained cluster admin access in the GKE cluster
|
| Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC |
- How granting rights to node/proxy resources in Kubernetes could allow for audit logs and other security controls to be bypassed
|
| Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms |
- Pods with an elevated set of privileges required to do their job, could be used as a jumping off point to gain escalated privileges
|
| Container Breakouts |
|