Stephen Bradshaw's blog about pentesting and computer security
© 2025.
A common technique used by attackers in containerised environments is exploitation of the container runtime socket to move laterally or escalate privileges. This socket can be accessed by attackers when the socket is exposed directly in an exploited container or when the the attacker can access the containing hosts file system, usually with root privileges.
More …When attacking a Kubernetes cluster it is common to run into scenarios where you can obtain access to leaked Kubernetes credentials. This blog post will talk in detail about a number of different ways you can actually use those credentials to interact with the Kubernetes API, especially in scenarios where you might only have access to simple tools like wget or curl with which to make the connection.
More …