| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Impact |
|---|---|---|---|---|---|---|---|---|---|
| Using Cloud | Exec into Container | Backdoor Container | Privileged Container | Clear Container Logs | List K8s secrets | Access the K8s API server | Access cloud resources | Images from a private repository | Data Destruction |
| Compromised images in registry | bash/cmd in container | Writable hostPath mount | Cluster-admin binding | Delete k8s events | Mount service principal | Access Kubelet API | Container service account | | Resource hijacking |
| Kubeconfig file | New container | Kubernetes CronJob | hostPath mount | Pod / container name similarity | Access container service account | Network mapping | Cluster internal networking | | Denial of Service |
| Application vulnerability | Application exploit (RCE) | Malicious admission controller | Access cloud resources | Connect from proxy server | Applications credentials in configuration files | Access Kubernetes dashboard | Applications credentials in configuration files | | |
| Exposed sensitive interfaces | SSH server running inside container | | Disable Namespacing | | Access managed identity credentials | Instance metadata API | Writable volume mounts on the host | | |
| | Sidecar injection | | | | Malicious admission controller | | CoreDNS poisoning | | |
| | | | | | | | ARP poisoning and IP spoofing | | |