mkdocs.yml
132 lines (132 loc) · 8.33 KB
site_name: Threat Matrix for Kubernetes
theme:
  name: material
  palette:
    - scheme: default
      primary: blue
  logo: assets/Microsoft.png
  favicon: assets/mdc.png
  language: en
  features:
    - navigation.tabs
    - navigation.tabs.sticky
    - navigation.indexes
    - navigation.top
markdown_extensions:
  - tables
  - admonition
  - pymdownx.details
  - pymdownx.superfences
  - def_list
extra_css:
  - stylesheets/extra.css
nav:
  - Tactics:
    - 'index.md'
    - Initial Access:
      - 'tactics/InitialAccess/index.md'
      - Using cloud credentials: 'techniques/Using Cloud Credentials.md'
      - Compromised image In registry: 'techniques/Compromised Image In Registry.md'
      - Kubeconfig file: 'techniques/Kubeconfig file.md'
      - Application vulnerability: 'techniques/Application Vulnerability.md'
      - Exposed sensitive interfaces: 'techniques/Exposed sensitive interfaces.md'
    - Execution:
      - 'tactics/Execution/index.md'
      - Exec into container: 'techniques/Exec into container.md'
      - Bash/cmd inside container: 'techniques/bash or cmd inside container.md'
      - New container: 'techniques/New Container.md'
      - Application exploit (RCE): 'techniques/Application Exploit (RCE).md'
      - SSH server running inside container: 'techniques/SSH server running inside container.md'
      - Sidecar injection: 'techniques/Sidecar Injection.md'
    - Persistence:
      - 'tactics/Persistence/index.md'
      - Backdoor Container: 'techniques/Backdoor container.md'
      - Writable hostPath mount: 'techniques/Writable hostPath mount.md'
      - Kubernetes CronJob: 'techniques/Kubernetes CronJob.md'
      - Malicious admission controller: 'techniques/Malicious admission controller.md'
      - Container service account: 'techniques/container service account.md'
      - Static pods: 'techniques/Static Pods.md'
    - Privilege Escalation:
      - 'tactics/PrivilegeEscalation/index.md'
      - Privileged container: 'techniques/Privileged container.md'
      - Cluster-admin Binding: 'techniques/Cluster-admin binding.md'
      - Writable hostPath mount: 'techniques/Writable hostPath mount.md'
      - Access cloud resources: 'techniques/Access cloud resources.md'
    - Defense Evasion:
      - 'tactics/DefenseEvasion/index.md'
      - Clear container logs: 'techniques/Clear container logs.md'
      - Delete Kubernetes events: 'techniques/Delete K8S events.md'
      - Pod or container name similarity: 'techniques/Pod or container name similarily.md'
      - Connect from proxy server: 'techniques/Connect from Proxy server.md'
    - Credential Access:
      - 'tactics/CredentialAccess/index.md'
      - List Kubernetes secrets: 'techniques/List K8S secrets.md'
      - Mount service principal: 'techniques/Mount service principal.md'
      - Container service account: 'techniques/container service account.md'
      - Application credentials in configuration files: 'techniques/Application credentials in configuration files.md'
      - Access Managed Identity credentials: 'techniques/Access managed identity credentials.md'
      - Malicious admission controller: 'techniques/Malicious admission controller.md'
    - Discovery:
      - 'tactics/Discovery/index.md'
      - Access Kubernetes API server: 'techniques/Access the K8S API server.md'
      - Access Kubelet API: 'techniques/Access Kubelet API.md'
      - Network mapping: 'techniques/Network mapping.md'
      - Exposed sensitive interfaces: 'techniques/Exposed sensitive interfaces.md'
      - Instance Metadata API: 'techniques/Instance Metadata API.md'
    - Lateral Movement:
      - 'tactics/LateralMovement/index.md'
      - Access cloud resources: 'techniques/Access cloud resources.md'
      - Container service account: 'techniques/container service account.md'
      - Cluster internal networking: 'techniques/Cluster internal networking.md'
      - Application credentials in configuration files: 'techniques/Application credentials in configuration files.md'
      - Writable hostPath mount: 'techniques/Writable hostPath mount.md'
      - CoreDNS poisoning: 'techniques/CoreDNS poisoning.md'
      - ARP poisoning and IP spoofing: 'techniques/ARP poisoning and IP spoofing.md'
    - Collection:
      - 'tactics/Collection/index.md'
      - Images from a private registry: 'techniques/images from a private registry.md'
      - Collecting data from pod: 'techniques/Collecting Data from Pod.md'
    - Impact:
      - 'tactics/Impact/index.md'
      - Data destruction: 'techniques/Data destruction.md'
      - Resource hijacking: 'techniques/Resource hijacking.md'
      - Denial of service: 'techniques/Denial of service.md'
  - Mitigations:
    - 'mitigations/index.md'
    - Multi-factor authentication: 'mitigations/MS-M9001 Multi-factor Authentication.md'
    - Restrict access to the API server using IP firewall: 'mitigations/MS-M9002 Restrict access to the API server using IP firewall.md'
    - Adhere to least-privilege principle: 'mitigations/MS-M9003 Adhere to least-privilege principle.md'
    - Secure CI/CD environment: 'mitigations/MS-M9004 Secure CI CD environment.md'
    - Image assurance policy:
      - 'mitigations/MS-M9005/index.md'
      - Gate generated images in CI/CD pipeline: 'mitigations/MS-M9005/MS-M9005.001 Gate generated images in CI CD pipeline.md'
      - Gate images pushed to registries: 'mitigations/MS-M9005/MS-M9005.002 Gate images pushed to registries.md'
      - Gate images deployed to Kubernetes cluster: 'mitigations/MS-M9005/MS-M9005.003 Gate images deployed to Kubenertes cluster.md'
    - Enable Just In Time access to API server: 'mitigations/MS-M9006 Enable Just In Time access to API server.md'
    - Network intrusion prevention: 'mitigations/MS-M9007 Network Intrusion Prevention.md'
    - Limit access to services over network: 'mitigations/MS-M9008 Limit Access to Services Over Network.md'
    - Require strong authentication to services: 'mitigations/MS-M9009 Require Strong Authentication to Services.md'
    - Restrict exec commands on pods: 'mitigations/MS-M9010 Restrict Exec Commands on Pods.md'
    - Restrict container runtime using LSM: 'mitigations/MS-M9011 Restrict Container Runtime using LSM.md'
    - Remove tools from container images: 'mitigations/MS-M9012 Remove Tools from Container Images.md'
    - Restrict over permissive containers: 'mitigations/MS-M9013 Restrict over permissive containers.md'
    - Network segmentation: 'mitigations/MS-M9014 Network Segmentation.md'
    - Avoid running management interface on containers: 'mitigations/MS-M9015 Avoid Running Management Interface on Containers.md'
    - Restrict file and directory permissions: 'mitigations/MS-M9016 Restrict File and Directory Permissions.md'
    - Ensure that pods meet defined Pod Security Standards: 'mitigations/MS-M9017 Ensure that pods meet defined Pod Security Standards.md'
    - Restricting cloud metadata API access: 'mitigations/MS-M9018 Restricting cloud metadata API access.md'
    - Allocate specific identities to pods: 'mitigations/MS-M9019 Allocate specific identities to pods.md'
    - Collect logs to remote data storage: 'mitigations/MS-M9020 Collect Logs to Remote Data Storage.md'
    - Restrict the usage of unauthenticated APIs in the cluster: 'mitigations/MS-M9021 Restrict the usage of unauthenticated APIs in the Cluster.md'
    - Use managed secret store: 'mitigations/MS-M9022 Use Managed Secret Store.md'
    - Remove unused secrets from the cluster: 'mitigations/MS-M9023 Remove unused secrets from the cluster.md'
    - Restrict access to etcd: 'mitigations/MS-M9024 Restrict access to etcd.md'
    - Disable service account auto mount: 'mitigations/MS-M9025 Disable Service Account Auto Mount.md'
    - Avoid using plain text credentials: 'mitigations/MS-M9026 Avoid using plain text credentials in configuration files.md'
    - Use NodeRestriction admission controller: 'mitigations/MS-M9027 Use NodeRestriction Admission Controller.md'
    - Use CNIs that are not prone to ARP poisoning: 'mitigations/MS-M9028 Use CNIs that are not prone to ARP poisoning.md'
    - Set requests and limits for containers: 'mitigations/MS-M9029 Set requests and limits for containers.md'
    - Use cloud storage provider: 'mitigations/MS-M9030 Use Cloud Storage Provider.md'
    - Implement data backup strategy: 'mitigations/MS-M9031 Implement Data Backup Strategy.md'
    - Avoid using web-hosted manifest for Kubelet: 'mitigations/MS-M9032 Avoid using web-hosted manifest for Kubelet.md'
  - About: 'about.md'