ENDPOINT_EXPLOIT.md


ENDPOINT_EXPLOIT

Represents a network endpoint exposed by a container that could be exploited by an attacker (via means known or unknown). This can correspond to a Kubernetes service, node service, node port, or container port.

| Source | Destination | MITRE ATT&CK |
| --- | --- | --- |
| Endpoint | Container | Exploitation of Remote Services, T1210 |

Details

Exposed endpoints represent the most common entry point for attackers into a cluster.

Prerequisites

A network endpoint exposed by a container.

Checks

Endpoints exposed outside the cluster can be queried via kubectl:

kubectl get endpointslices

Alternatively, open ports can be discovered by traditional port scanning techniques or a tool like KubeHunter.
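For an inventory of which pod sits behind each address and port, the JSON form of the same query can be flattened into one row per endpoint. The following is an added example, not code from the original page or its project; the sample data is constructed, and it assumes input in the shape of `kubectl get endpointslices -A -o json` (discovery.k8s.io/v1).

```python
import json
import sys

# Constructed sample in the shape of `kubectl get endpointslices -A -o json`
# (discovery.k8s.io/v1); all names and addresses are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "web-x7k2p",
                  "labels": {"kubernetes.io/service-name": "web"}},
     "ports": [{"name": "http", "protocol": "TCP", "port": 8080},
               {"name": "metrics", "protocol": "TCP", "port": 9090}],
     "endpoints": [
         {"addresses": ["10.244.1.12"], "conditions": {"ready": True},
          "targetRef": {"kind": "Pod", "namespace": "shop", "name": "web-0"}},
         {"addresses": ["10.244.2.7"], "conditions": {"ready": False},
          "targetRef": {"kind": "Pod", "namespace": "shop", "name": "web-1"}}]},
    {"metadata": {"namespace": "ops", "name": "legacy-abcde", "labels": None},
     "ports": None,  # no defined ports on this slice, so it yields no rows
     "endpoints": [{"addresses": ["10.244.3.3"], "conditions": {}}]},
]}


def flatten_endpointslices(doc, ready_only=False):
    """Return one row per (pod, address, port) listed in an EndpointSliceList."""
    rows = []
    for sl in doc.get("items") or []:
        meta = sl.get("metadata") or {}
        service = (meta.get("labels") or {}).get("kubernetes.io/service-name")
        for ep in sl.get("endpoints") or []:
            # A missing/null `ready` means "unknown"; the API says to treat it as ready.
            ready = (ep.get("conditions") or {}).get("ready")
            ready = True if ready is None else ready
            if ready_only and not ready:
                continue
            ref = ep.get("targetRef") or {}
            for addr in ep.get("addresses") or []:
                for port in sl.get("ports") or []:
                    rows.append({
                        "namespace": meta.get("namespace"), "service": service,
                        "pod": ref.get("name") if ref.get("kind") == "Pod" else None,
                        "address": addr, "port": port.get("port"),
                        "protocol": port.get("protocol", "TCP"), "ready": ready})
    return rows


if __name__ == "__main__":
    # Pipe real kubectl JSON output in, or run from a terminal to use the sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for r in flatten_endpointslices(doc):
        print("{namespace}/{service} {pod} {address}:{port}/{protocol} ready={ready}".format(**r))
```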

Exploitation

This edge simply indicates that an endpoint is exposed by a container. It does not signal that the endpoint is exploitable, but it serves as a useful starting point for path traversal queries.

Defences

None

Calculation

References: