Hiding in Plaintext Sight: Abusing The Lack of Kubernetes Auditing Policies

MalBot · August 11, 2021, 4:15pm

Jared Stroud Cloud Security Researcher – Lacework Labs Key Points: Kubernetes Audit Policies are critical for cluster-level visibility. Kubernetes Annotations allow for arbitrary storage and can be abused for malicious activity. Kubernetes API endpoints create a novel C2 channel that may be difficult to audit or detect within organizations. Introduction to Kubernetes Audit Log [...]