Skip to content

Commit

Permalink
[docs] cosmetics
Browse files Browse the repository at this point in the history
  • Loading branch information
christophetd committed Jun 3, 2022
1 parent f6bcada commit 4ecbeae
Show file tree
Hide file tree
Showing 7 changed files with 11 additions and 11 deletions.
4 changes: 2 additions & 2 deletions docs/attack-techniques/kubernetes/index.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# kubernetes
# Kubernetes

This page contains the Stratus attack techniques for kubernetes, grouped by MITRE ATT&CK Tactic.
This page contains the Stratus attack techniques for Kubernetes, grouped by MITRE ATT&CK Tactic.
Note that some Stratus attack techniques may correspond to more than a single ATT&CK Tactic.


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Dump All Secrets

<span class="smallcaps w3-badge w3-blue w3-round w3-text-white" title="This attack technique can be detonated multiple times">idempotent</span>

Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Steal Pod Service Account Token

<span class="smallcaps w3-badge w3-blue w3-round w3-text-white" title="This attack technique can be detonated multiple times">idempotent</span>

Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Create Admin ClusterRole



Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Container breakout via hostPath volume mount



Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Privilege escalation through node/proxy permissions

<span class="smallcaps w3-badge w3-blue w3-round w3-text-white" title="This attack technique can be detonated multiple times">idempotent</span>

Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down Expand Up @@ -74,10 +74,10 @@ Sample event (shortened):
}
```

In normal operating conditions, it's not expected that this API is used frequently.
Consequently, alerting on `objectRef.resource == "nodes" && objectRef.subresource == "proxy"` should yield minimal false positives.'
Under normal operating conditions, it's not expected that this API is used frequently.
Consequently, alerting on `objectRef.resource == "nodes" && objectRef.subresource == "proxy"` should yield minimal false positives.

Additionally, looking at the Kubelet API path that was proxied can help identify malicious activity (/runningpods) in this example.
Additionally, looking at the Kubelet API path that was proxied can help identify malicious activity (/runningpods in this example).
See [kubeletctl](https://github.com/cyberark/kubeletctl/blob/master/pkg/api/constants.go) for an unofficial list of Kubelet API endpoints.


Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ title: Run a Privileged Pod



Platform: kubernetes
Platform: Kubernetes

## MITRE ATT&CK Tactics

Expand Down

0 comments on commit 4ecbeae

Please sign in to comment.