Closed yogisec closed 4 weeks ago
Is there an associated detection where we can use this attack_data?
I had one, but as time has gone on I think I nuked all of the work streams I had associated between, security_content, attack_range, and this repo. Feel free to close this out. I wont be able to contribute here anymore.
This is a dataset that shows the complete lifecycle of a pod which is created using a known container escape. It tracks the initial request to create, the internal components of k8s provisioning it, and the eventual deletion of the pod.
These logs are the result of running the following command:
This exact command is referenced in the atomic red team test, the securekubernetes reference and the tweet linked as references for this data.