can-i gtfo?

Kubernetes RBAC Abuse Collection


create validatingwebhookconfigurations

Abuses

Denial of Service

Create validating webhooks that block legitimate resource creation

# Create webhook that blocks all pod creation

Information Disclosure

Create validating webhooks that exfiltrate resource information

# Create webhook that logs all secret operations

Persistence

Create validating webhooks that ensure persistent access by preventing changes
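
A defender-side review for the denial-of-service and information-disclosure patterns above, as an added example that is not part of the original collection: it reads the JSON shape returned by `kubectl get validatingwebhookconfigurations -o json` and flags webhooks that fail closed on pod creation, receive Secret objects, or are addressed by URL rather than an in-cluster Service. The function names, finding labels and sample data are constructed for illustration, and the three heuristics are assumptions about what is worth reviewing, not a complete policy.

```python
def _covers(rule, resource, operation=None):
    # "*" is the wildcard for both fields; subresource forms ("pods/*") are not expanded here.
    resources, operations = rule.get("resources", []), rule.get("operations", [])
    hit = resource in resources or "*" in resources
    if operation is not None:
        hit = hit and (operation in operations or "*" in operations)
    return hit

def audit_webhook(hook):
    """Return sorted finding labels for one entry of .webhooks[]."""
    findings = set()
    rules = hook.get("rules", [])
    # admissionregistration.k8s.io/v1 defaults failurePolicy to Fail when unset.
    fail_closed = hook.get("failurePolicy", "Fail") == "Fail"
    if fail_closed and any(_covers(r, "pods", "CREATE") for r in rules):
        findings.add("dos: fail-closed on pod CREATE")
    # The AdmissionReview sent to the endpoint carries the full object (or oldObject).
    if any(_covers(r, "secrets") for r in rules):
        findings.add("disclosure: endpoint receives Secret objects")
    if "url" in hook.get("clientConfig", {}):
        findings.add("egress: clientConfig.url, not an in-cluster Service")
    return sorted(findings)

def audit(config_list):
    """Map 'configuration/webhook' to findings, omitting webhooks with none."""
    report = {}
    for cfg in config_list.get("items", []):
        for hook in cfg.get("webhooks", []):
            found = audit_webhook(hook)
            if found:
                report[cfg["metadata"]["name"] + "/" + hook["name"]] = found
    return report

# Constructed sample data (hypothetical names), not taken from a real cluster.
SAMPLE = {"items": [
    {"metadata": {"name": "policy-engine"}, "webhooks": [{
        "name": "validate.policy.example", "failurePolicy": "Ignore",
        "clientConfig": {"service": {"namespace": "policy", "name": "engine"}},
        "rules": [{"operations": ["CREATE"], "resources": ["deployments"]}]}]},
    {"metadata": {"name": "unreviewed-hook"}, "webhooks": [{
        "name": "all.example.invalid", "failurePolicy": "Fail",
        "clientConfig": {"url": "https://hooks.example.invalid/validate"},
        "rules": [{"operations": ["*"], "resources": ["pods", "secrets"]}]}]},
]}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, found)
```

A finding is a prompt for review rather than proof of abuse, since legitimate policy engines also register fail-closed webhooks on pods.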