can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

update replicasets

Verb: update

Resource: replicasets

Description: Update existing ReplicaSets

Abuses

Container Escape

Update pods to run with privileged access (BadPod) and escape container boundaries.

Lateral Movement

Update pods to - run with privileged access (BadPod) on a specific node and escape container boundaries. - run commands - run on an attacker controlled node

# Use e.g. nodeSelectors or nodeAffinity to deploy to a specific node
← Back to overview