Files
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

42 lines
1.7 KiB
Markdown

# API Reference: Detecting Privilege Escalation in Kubernetes Pods
## Kubernetes Python Client API
| Method | Description |
|--------|-------------|
| `CoreV1Api().list_pod_for_all_namespaces()` | List all pods across namespaces |
| `CoreV1Api().list_namespaced_pod(namespace)` | List pods in a specific namespace |
| `RbacAuthorizationV1Api().list_cluster_role_binding()` | List all ClusterRoleBindings |
| `RbacAuthorizationV1Api().list_namespaced_role_binding(ns)` | List RoleBindings in namespace |
## Pod SecurityContext Fields
| Field | Risk |
|-------|------|
| `privileged: true` | Full host access, container escape |
| `allowPrivilegeEscalation: true` | Enables setuid/setgid binaries |
| `runAsUser: 0` | Container runs as root |
| `hostPID: true` | Access to host process namespace |
| `hostNetwork: true` | Access to host network stack |
| `capabilities.add: [SYS_ADMIN]` | Near-root capabilities |
## Key Libraries
- **kubernetes** (`pip install kubernetes`): Official Python client for Kubernetes API
- **config.load_kube_config()**: Load kubeconfig from file for external access
- **config.load_incluster_config()**: Load service account config when running inside a pod
## Configuration
| Variable | Description |
|----------|-------------|
| `DANGEROUS_CAPABILITIES` | Linux capabilities that enable privilege escalation |
| `kubeconfig` | Path to Kubernetes configuration file |
## References
- [Kubernetes Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/)
- [MITRE ATT&CK T1611 - Escape to Host](https://attack.mitre.org/techniques/T1611/)
- [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
- [kubernetes-client/python](https://github.com/kubernetes-client/python)