can-i gtfo?

Kubernetes RBAC Abuse Collection


patch pods

Abuses

Container Escape

Patch pods to run with privileged access (BadPod) and escape container boundaries

# Patch pod to run as privileged
# Patch pod to add host filesystem mounts

Lateral Movement

Patch pods to:

1. execute arbitrary code
2. change their labels to trigger eviction until they are assigned to an attacker-controlled node (can be combined with abuse of the 'update/patch nodes' or 'update/patch ' permissions to prevent pods from being assigned to non-attacker-controlled nodes)
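To see where this permission is granted in a cluster, the following added example (not part of the can-i gtfo? project) scans Role and ClusterRole objects for rules that allow `patch` on `pods`, including wildcard grants. The function names and the sample roles are constructed for illustration; real input would be the JSON from `kubectl get roles,clusterroles -A -o json`, and bindings still need to be checked separately to learn which subjects hold each role.

```python
import json

# Constructed sample in the shape of `kubectl get roles,clusterroles -A -o json`.
SAMPLE_ROLES = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["get", "patch"]}]},
 {"kind": "Role", "metadata": {"name": "label-fixer", "namespace": "shop"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["patch"], "resourceNames": ["web-0"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "shop"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "deploy-patcher"},
  "rules": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["patch"]},
            {"nonResourceURLs": ["/healthz"], "verbs": ["get"]}]}
]}
""")


def rule_allows(rule, verb="patch", resource="pods", group=""):
    """True if a single RBAC rule grants `verb` on `resource` in API `group`."""
    def hit(key, wanted):
        values = rule.get(key) or []          # nonResourceURLs rules lack these keys
        return "*" in values or wanted in values
    return hit("apiGroups", group) and hit("resources", resource) and hit("verbs", verb)


def find_pod_patchers(role_list, verb="patch"):
    """Return (kind, namespace, name, resourceNames) for every role granting `verb` on pods.

    An empty resourceNames list means the grant covers every pod in scope.
    """
    findings = []
    for role in role_list.get("items", []):
        meta = role.get("metadata", {})
        for rule in role.get("rules") or []:  # aggregated ClusterRoles may carry null rules
            if rule_allows(rule, verb=verb):
                findings.append((role.get("kind"), meta.get("namespace", ""),
                                 meta["name"], rule.get("resourceNames") or []))
    return findings


if __name__ == "__main__":
    for kind, ns, name, names in find_pod_patchers(SAMPLE_ROLES):
        scope = "pods: " + ",".join(names) if names else "all pods"
        print(f"{kind} {ns + '/' if ns else ''}{name} -> patch on {scope}")
```

Roles reported with an empty `resourceNames` list are the broadest grants and the first candidates for tightening.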