twistlock / sa-hunter
Correlates serviceaccounts and pods to the permissions granted to them via rolebindings and clusterrolebindings.
☆34 Updated 2 years ago
Related projects:
- ☆24 Updated 4 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ☆56 Updated 6 months ago
- a tool to audit the istio service mesh ☆173 Updated 2 years ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces. ☆49 Updated 2 years ago
- Exploit for CVE-2021-25741 vulnerability ☆28 Updated 2 years ago
- ☆90 Updated 4 months ago
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes. ☆70 Updated 4 months ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j. ☆19 Updated last year
- Proof of Concept exploit for Kubernetes CVE-2020-8559 ☆20 Updated 4 years ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1). ☆78 Updated 7 months ago
- A container image that exfiltrates the underlying container runtime to a remote server ☆126 Updated last year
- Information about Kubernetes CVE-2020-8558, including proof of concept exploit. ☆42 Updated 4 years ago
- Kubernetes POC for utilizing write mount to /var/log for getting a root on the host ☆89 Updated 3 years ago
- Vulnerability Scanner for Detecting Publicly Disclosed Vulnerabilities in Application Dependencies ☆23 Updated 5 years ago
- Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers. ☆159 Updated 10 months ago
- A POC for DNS spoofing in kubernetes clusters. Runs with minimum capabilities, on default installations of kubernetes. ☆74 Updated 5 years ago
- Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a … ☆38 Updated 2 years ago
- Kubernetes offensive framework built in eBPF ☆34 Updated last year
- ☆27 Updated 2 months ago
- A toolset to juggle AWS roles for persistent access ☆47 Updated last month
- Kubernetes Pwnage for all ☆54 Updated 3 years ago
- PoC for gaining persistency on vulnerable Lambdas ☆30 Updated 3 years ago
- INTERCEPT / Policy as Code Auditing & Compliance ☆82 Updated this week
- Kubernetes audit logging, when you don't control the control plane ☆64 Updated this week
- ☆20 Updated 4 months ago
- book website ☆66 Updated 2 years ago
- Container Escape PoC for CVE-2022-0847 "DirtyPipe" ☆77 Updated 2 years ago
- Dockerfile Security Checker using OPA Rego policies with Conftest ☆58 Updated 2 years ago
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o… ☆30 Updated last year
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. ☆71 Updated last year