Skip to content

Latest commit

 

History

History
54 lines (33 loc) · 1.88 KB

ENDPOINT_EXPLOIT.md

File metadata and controls

54 lines (33 loc) · 1.88 KB
title
ENDPOINT_EXPLOIT

ENDPOINT_EXPLOIT

Represents a network endpoint exposed by a container that could be exploited by an attacker (via means known or unknown). This can correspond to a Kubernetes service, node service, node port, or container port.

Source Destination MITRE
Endpoint Container Exploitation of Remote Services, T1210

Details

Exposed endpoints represent the most common entry point for attackers into a cluster.

Prerequisites

A network endpoint exposed by a container.

Checks

Endpoints exposed outside the cluster can be queried via kubectl:

kubectl get endpointslices

Alternatively open ports can be discovered by traditional port scanning techniques or a tool like KubeHunter

Exploitation

This edge simply indicates that an endpoint is exposed by a container. It does not signal that the endpoint is exploitable but serves as a useful starting point for path traversal queries.

Defences

None

Calculation

References: