Skip to content

Commit

Permalink
add new attack paths for security risks
Browse files Browse the repository at this point in the history 
Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
  • Loading branch information
@YiscahLevySilas1
YiscahLevySilas1 committed Mar 5, 2024
1 parent 9fc81b7 commit ab5c9f6
Show file tree
Hide file tree
Showing 5 changed files with 83 additions and 1 deletion.
20 changes: 20 additions & 0 deletions attack-tracks/external-wl-unauthenticated.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"apiVersion": "regolibrary.kubescape/v1alpha1",
"kind": "AttackTrack",
"metadata": {
"name": "external-database-without-authentication"
},
"spec": {
"version": "1.0",
"data": {
"name": "Initial Access",
"description": "An attacker can access the Kubernetes environment.",
"subSteps": [
{
"name": "Unauthenticated Access",
"description": "An unauthenticated attacker can access resources."
}
]
}
}
}
20 changes: 20 additions & 0 deletions attack-tracks/external-wl-with-cluster-takeover-roles.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"apiVersion": "regolibrary.kubescape/v1alpha1",
"kind": "AttackTrack",
"metadata": {
"name": "external-workload-with-cluster-takeover-roles"
},
"spec": {
"version": "1.0",
"data": {
"name": "Initial Access",
"description": "An attacker can access the Kubernetes environment.",
"subSteps": [
{
"name": "Cluster/Resources Access",
"description": "An attacker has access to sensitive information and can leverage them by creating pods in the cluster."
}
]
}
}
}
12 changes: 12 additions & 0 deletions controls/C-0256-exposuretointernet.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,18 @@
"categories": [
"Initial Access"
]
},
{
"attackTrack": "external-workload-with-cluster-takeover-roles",
"categories": [
"Initial Access"
]
},
{
"attackTrack": "external-database-without-authentication",
"categories": [
"Initial Access"
]
}
]
},
Expand Down
14 changes: 13 additions & 1 deletion controls/C-0267-workloadwithclustertakeoverroles.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,18 @@
{
"name": "Workload with cluster takeover roles",
"attributes": {},
"attributes": {
"controlTypeTags": [
"security"
],
"attackTracks": [
{
"attackTrack": "external-workload-with-cluster-takeover-roles",
"categories": [
"Initial Access"
]
}
]
},
"description": "Cluster takeover roles include workload creation or update and secret access. They can easily lead to super privileges in the cluster. If an attacker can exploit this workload then the attacker can take over the cluster using the RBAC privileges this workload is assigned to.",
"remediation": "You should apply least privilege principle. Make sure each service account has only the permissions that are absolutely necessary.",
"rulesNames": [
Expand Down
18 changes: 18 additions & 0 deletions frameworks/security.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,12 @@
"name": "Authenticated user has sensitive permissions"
}
},
{
"controlID": "C-0267",
"patch": {
"name": "Workload with cluster takeover roles"
}
},
{
"controlID": "C-0270",
"patch": {
Expand All @@ -193,6 +199,18 @@
"patch": {
"name": "Ensure memory limits are set"
}
},
{
"controlID": "C-0272",
"patch": {
"name": "Workload with administrative roles"
}
},
{
"controlID": "C-0273",
"patch": {
"name": "Outdated Kubernetes version"
}
}
]
}

0 comments on commit ab5c9f6

Please sign in to comment.