From 5aad980a94ec3645cb28ae91194aef449edbd245 Mon Sep 17 00:00:00 2001 From: Travis Lowe Date: Wed, 19 May 2021 13:58:33 -0500 Subject: [PATCH] more tweaks --- atomics/T1610/T1610.yaml | 2 +- atomics/T1611/T1611.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/atomics/T1610/T1610.yaml b/atomics/T1610/T1610.yaml index 99be0140..acd82974 100644 --- a/atomics/T1610/T1610.yaml +++ b/atomics/T1610/T1610.yaml @@ -5,7 +5,7 @@ display_name: "Deploy Container" atomic_tests: - name: Deploy container using nsenter container escape description: | - In this escape `kubectl` is used to launched a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the container image alpine linux. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container. + In this escape `kubectl` is used to launch a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the alpine linux container image. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container. Additional Details: - https://twitter.com/mauilion/status/1129468485480751104 diff --git a/atomics/T1611/T1611.yaml b/atomics/T1611/T1611.yaml index ccb4f7bf..1e192680 100644 --- a/atomics/T1611/T1611.yaml +++ b/atomics/T1611/T1611.yaml @@ -5,7 +5,7 @@ display_name: "Escape to Host" atomic_tests: - name: Deploy container using nsenter container escape description: | - In this escape `kubectl` is used to launched a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the container image alpine linux. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container. + In this escape `kubectl` is used to launch a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the alpine linux container image. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container. Additional Details: - https://twitter.com/mauilion/status/1129468485480751104