title |
---|
ENDPOINT_EXPLOIT |
Represents a network endpoint exposed by a container that could be exploited by an attacker (via means known or unknown). This can correspond to a Kubernetes service, node service, node port, or container port.
Source | Destination | MITRE |
---|---|---|
Endpoint | Container | Exploitation of Remote Services, T1210 |
Exposed endpoints represent the most common entry point for attackers into a cluster.
A network endpoint exposed by a container.
Endpoints exposed outside the cluster can be queried via kubectl
:
kubectl get endpointslices
Alternatively open ports can be discovered by traditional port scanning techniques or a tool like KubeHunter
This edge simply indicates that an endpoint is exposed by a container. It does not signal that the endpoint is exploitable but serves as a useful starting point for path traversal queries.
None