mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 13:15:16 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
42 lines
1.7 KiB
Markdown
42 lines
1.7 KiB
Markdown
# API Reference: Detecting Privilege Escalation in Kubernetes Pods
|
|
|
|
## Kubernetes Python Client API
|
|
|
|
| Method | Description |
|
|
|--------|-------------|
|
|
| `CoreV1Api().list_pod_for_all_namespaces()` | List all pods across namespaces |
|
|
| `CoreV1Api().list_namespaced_pod(namespace)` | List pods in a specific namespace |
|
|
| `RbacAuthorizationV1Api().list_cluster_role_binding()` | List all ClusterRoleBindings |
|
|
| `RbacAuthorizationV1Api().list_namespaced_role_binding(ns)` | List RoleBindings in namespace |
|
|
|
|
## Pod SecurityContext Fields
|
|
|
|
| Field | Risk |
|
|
|-------|------|
|
|
| `privileged: true` | Full host access, container escape |
|
|
| `allowPrivilegeEscalation: true` | Enables setuid/setgid binaries |
|
|
| `runAsUser: 0` | Container runs as root |
|
|
| `hostPID: true` | Access to host process namespace |
|
|
| `hostNetwork: true` | Access to host network stack |
|
|
| `capabilities.add: [SYS_ADMIN]` | Near-root capabilities |
|
|
|
|
## Key Libraries
|
|
|
|
- **kubernetes** (`pip install kubernetes`): Official Python client for Kubernetes API
|
|
- **config.load_kube_config()**: Load kubeconfig from file for external access
|
|
- **config.load_incluster_config()**: Load service account config when running inside a pod
|
|
|
|
## Configuration
|
|
|
|
| Variable | Description |
|
|
|----------|-------------|
|
|
| `DANGEROUS_CAPABILITIES` | Linux capabilities that enable privilege escalation |
|
|
| `kubeconfig` | Path to Kubernetes configuration file |
|
|
|
|
## References
|
|
|
|
- [Kubernetes Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/)
|
|
- [MITRE ATT&CK T1611 - Escape to Host](https://attack.mitre.org/techniques/T1611/)
|
|
- [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
|
- [kubernetes-client/python](https://github.com/kubernetes-client/python)
|