can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

patch daemonsets

Verb: patch

Resource: daemonsets

Description: Patch existing DaemonSets

Abuses

Container Escape

Patch pods to run with privileged access (BadPod) and escape container boundaries.

Lateral Movement

Patch pods to - run with privileged access (BadPod) on a specific node and escape container boundaries. - run commands - run on an attacker controlled node

# Use e.g. nodeSelectors or nodeAffinity to deploy to a specific node
← Back to overview