Refer: https://www.microsoft.com/en-us/security/blog/2020/04/02/attack-matrix-kubernetes/
The credential access tactic consists of techniques that are used by attackers to steal credentials.
In containerized environments, this includes credentials of the running application, identities, secrets stored in the cluster, or cloud credentials.
Application credentials in configuration files
Developers store secrets in the Kubernetes configuration files, such as environment variables in the pod configuration. Such behavior is commonly seen in clusters that are monitored by Azure Security Center. Attackers who have access to those configurations, by querying the API server or by accessing those files on the developer’s endpoint, can steal the stored secrets and use them.
Add an experiment for the above technique with relevant tests.
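A defender-side check for this technique, added here as an example and not part of the original issue or the referenced blog post: it walks a pod list and reports credential-like environment variables whose values are written literally in the pod spec rather than referenced through `valueFrom`. The name pattern, the function name `find_inline_secrets` and the sample pods are assumptions constructed for illustration.

```python
import json
import re
import sys

# Assumption: env var names that suggest a credential; tune for your cluster.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)

def find_inline_secrets(pod_list):
    """Return (namespace, pod, container, env name) for each credential-like
    env var whose value is written literally in the pod spec."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        containers = spec.get("initContainers", []) + spec.get("containers", [])
        for c in containers:
            for env in c.get("env", []):
                if "valueFrom" in env:  # secretKeyRef etc.: value is not in the spec
                    continue
                if env.get("value") and SECRET_NAME.search(env.get("name", "")):
                    # Report the variable name only, never the value itself.
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), c.get("name"), env["name"]))
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "LOG_LEVEL", "value": "debug"},
         {"name": "DB_PASSWORD", "value": "constructed-example-value"}]}]}},
    {"metadata": {"name": "api", "namespace": "shop"},
     "spec": {"containers": [{"name": "app", "env": [
         {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef":
             {"name": "db-creds", "key": "password"}}}]}]}},
]}

if __name__ == "__main__":
    # Read a real pod list from stdin if piped, otherwise use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, pod, container, var in find_inline_secrets(data):
        print(f"{ns}/{pod} container={container} env={var}: literal value in spec")
```

Only the `web` pod is reported; the `api` pod references a Secret object, so its value does not appear in the pod configuration.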