| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1619 | Cloud Storage Object Discovery | |
| Enterprise | T1530 | Data from Cloud Storage | Peirates can dump the contents of AWS S3 buckets. It can also retrieve service account tokens from kOps buckets in Google Cloud Storage or S3.[1] |
| Enterprise | T1550.001 | Use Alternate Authentication Material: Application Access Token | Peirates can use stolen service account tokens to perform its operations. It also enables adversaries to switch between valid service accounts.[1] |
| Enterprise | T1613 | Container and Resource Discovery | Peirates can enumerate Kubernetes pods in a given namespace.[1] |
| Enterprise | T1609 | Container Administration Command | Peirates can use |
| Enterprise | T1078.004 | Valid Accounts: Cloud Accounts | Peirates can use stolen service account tokens to perform its operations.[1] |
| Enterprise | T1552.005 | Unsecured Credentials: Cloud Instance Metadata API | Peirates can query the AWS and GCP metadata APIs for secrets.[1] |
| Enterprise | T1552.007 | Unsecured Credentials: Container API | |
| Enterprise | T1528 | Steal Application Access Token | Peirates gathers Kubernetes service account tokens using a variety of techniques.[1] |
| Enterprise | T1046 | Network Service Discovery | Peirates can initiate a port scan against a given IP address.[1] |
| Enterprise | T1611 | Escape to Host | Peirates can gain a reverse shell on a host node by mounting the Kubernetes hostPath.[1] |
| Enterprise | T1610 | Deploy Container | Peirates can deploy a pod that mounts its node’s root file system, then execute a command to create a reverse shell on the node.[1] |