Skill UI

A comprehensive playbook detailing advanced techniques for attacking Kubernetes clusters. Covers API server access, RBAC privilege escalation, service account token abuse, etcd secrets extraction, Kubelet exploitation, and various container escapes. This guide is essential for security professionals and red teams performing deep security assessments on cloud-native infrastructure.

This tool audits Kubernetes Role-Based Access Control (RBAC) configurations to systematically identify overly permissive roles, dangerous wildcards, and insecure ClusterRoleBindings. It helps pinpoint potential privilege escalation paths, service account abuses, and compliance gaps in EKS, GKE, and AKS clusters, ensuring adherence to the principle of least privilege.

A comprehensive security auditing tool designed to identify over-permissive Role-Based Access Control (RBAC) roles and potential service-account token abuse paths within a Kubernetes cluster. It systematically reviews cluster bindings, effective permissions, and common escalation primitives using advanced tools like `kubectl auth can-i`, `rbac-police`, and `rakkess`, ensuring adherence to the principle of least privilege.

kube-bench is an open-source tool that validates the compliance and security posture of Kubernetes clusters. It rigorously checks control-plane components, worker nodes, and cluster policies against the comprehensive CIS Kubernetes Benchmark. It reports findings (PASS/FAIL/WARN) and includes specific remediation guidance, making it essential for compliance auditing and hardening efforts.