
MITRE ATT&CK Matrix for Kubernetes


    Collection

    MITRE ATTACK - CoreDNS Poisoning

    Overview

    In Kubernetes, attackers use collection techniques to gather information from the cluster, or through it. One way to mitigate such attacks is to implement read-only policies for the registry credentials used in Kubernetes.

    Images from Private Registry

    Images running in the cluster can be stored in a private registry. To pull these images, the container runtime engine must hold valid credentials for that registry. If the registry is hosted by the cloud provider, the runtime authenticates to it with cloud credentials. An attacker who gains access to the cluster may therefore be able to reach the private registry and pull its images. One way to do this is to obtain the managed identity token through a Kubernetes pod's access to the Instance Metadata Service (IMDS) endpoint.
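
As an added example (not part of the original page or Magalix's own code), this Python audit checks NetworkPolicy objects, such as the `items` list from `kubectl get networkpolicy -A -o json`, for namespaces whose pods may still reach the IMDS address 169.254.169.254. The sample policies and namespace names are constructed, and the check assumes the cluster's CNI plugin enforces NetworkPolicy.

```python
import ipaddress

IMDS = ipaddress.ip_address("169.254.169.254")  # link-local metadata address

def rule_allows_imds(rule):
    """True if one NetworkPolicy egress rule permits traffic to IMDS."""
    peers = rule.get("to")
    if not peers:                 # a rule without 'to' allows every destination
        return True
    for peer in peers:
        block = peer.get("ipBlock")
        if not block:             # pod/namespace selectors never match IMDS
            continue
        excluded = any(IMDS in ipaddress.ip_network(e)
                       for e in block.get("except", []))
        if IMDS in ipaddress.ip_network(block["cidr"]) and not excluded:
            return True
    return False

def egress_policies(policies, namespace):
    """Yield specs of policies in the namespace that apply to egress."""
    for p in policies:
        spec = p.get("spec", {})
        # Kubernetes default: Egress applies only if egress rules are present.
        types = spec.get("policyTypes") or (
            ["Ingress", "Egress"] if "egress" in spec else ["Ingress"])
        if p["metadata"].get("namespace") == namespace and "Egress" in types:
            yield spec

def imds_reachable(policies, namespace):
    """Conservative verdict: True if any pod in the namespace may reach IMDS.
    Port restrictions are ignored, so a rule limited to other ports is flagged."""
    specs = list(egress_policies(policies, namespace))
    # Without a policy selecting all pods, some pods keep unrestricted egress.
    if not any(not s.get("podSelector") for s in specs):
        return True
    return any(rule_allows_imds(r) for s in specs for r in s.get("egress") or [])

# Constructed sample: 'build' excludes IMDS, 'web' allows all egress.
SAMPLE = [
    {"metadata": {"name": "block-imds", "namespace": "build"},
     "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [
         {"to": [{"ipBlock": {"cidr": "0.0.0.0/0",
                              "except": ["169.254.169.254/32"]}}]}]}},
    {"metadata": {"name": "open-egress", "namespace": "web"},
     "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [{}]}},
]

if __name__ == "__main__":
    for ns in ("build", "web", "default"):
        print(ns, "IMDS reachable:", imds_reachable(SAMPLE, ns))
```

A namespace reported as reachable is one where the registry's cloud credentials should be treated as exposed to any compromised pod, which is where read-only registry permissions limit the damage.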
