Files
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.7 KiB

API Reference: Detecting Privilege Escalation in Kubernetes Pods

Kubernetes Python Client API

Method Description
CoreV1Api().list_pod_for_all_namespaces() List all pods across namespaces
CoreV1Api().list_namespaced_pod(namespace) List pods in a specific namespace
RbacAuthorizationV1Api().list_cluster_role_binding() List all ClusterRoleBindings
RbacAuthorizationV1Api().list_namespaced_role_binding(ns) List RoleBindings in namespace

Pod SecurityContext Fields

Field Risk
privileged: true Full host access, container escape
allowPrivilegeEscalation: true Enables setuid/setgid binaries
runAsUser: 0 Container runs as root
hostPID: true Access to host process namespace
hostNetwork: true Access to host network stack
capabilities.add: [SYS_ADMIN] Near-root capabilities

Key Libraries

  • kubernetes (pip install kubernetes): Official Python client for Kubernetes API
  • config.load_kube_config(): Load kubeconfig from file for external access
  • config.load_incluster_config(): Load service account config when running inside a pod

Configuration

Variable Description
DANGEROUS_CAPABILITIES Linux capabilities that enable privilege escalation
kubeconfig Path to Kubernetes configuration file

References