<img src="https://ws.zoominfo.com/pixel/JHVDdRXH2uangmUMQBZd" width="1" height="1" style="display: none;">

MITRE ATT&CK Matrix for Kubernetes

These pages cover what Magalix is, how to get started using it, and reference materials for its features and supported cloud providers.

Get started quickly, and get all your questions answered now!

Talk to an Expert

    Privilege Escalation

    MITRE ATTACK - Privilege Escalation

    Overview

    This tactic includes techniques that enable attackers to gain additional or higher privileges in the environment. They can use these privileges to get access to more resources in the cluster or take other actions within the cluster. In containerized environments, they may get access to the node from a container.

    Privileged Container

    A privileged container has all the capabilities of the host machine and none of the limitations of a regular container. If an attacker gains access to a privileged container or has the permissions to start a new privileged container, they can gain access to the host’s resources, or compromise other containers running on the same host.

    MITRE ATTACK - Privileged Container02aii-linuxMITRE ATTACK - Privileged ContainerMITRE ATTACK - Privileged ContainerMITRE ATTACK - Privileged Container

    Cluster-admin Binding

    Cluster-admin is a built-in high privileged role in Kubernetes. Users with this role have full access to the cluster, and can potentially compromise it. Attackers with RBAC (Role-based access control) permissions to create bindings and cluster-bindings in the cluster can create a binding to the cluster-admin role or other roles with high privileges.

    MITRE ATTACK - Cluster-admin BindingMITRE ATTACK - Cluster-admin Binding

    HostPath Mount

    The hostPath volume mounts a file or directory from the host to the container. This can allow attackers to gain access to the underlying host or resources, break from the container to the host, or compromise other containers running on the same host.

    MITRE ATTACK - HostPath MountMITRE ATTACK - HostPath Mount

    Access Cloud Resources

    An adversary may use this technique to gain access to a single container in a Kubernetes cloud cluster to access other cloud resources outside the cluster. For instance, if they gain access to the service principal credential file in Azure Kubernetes Service (AKS), they may be able to use these credentials to access or modify the cloud resources.

    MITRE ATTACK - Access Cloud Resources

    arrow