🚨 Reminder! I'll be opening at the RedTeamVillage conference tomorrow (February 8th) at 10AM EST with ~2 hours of live demos and foundational "WTF is a kubernete" knowledge. Stop by!

You can also do this without being in the pod itself.

Golden Ticket Attack In Kubernetes? 🤔 A new post exploitation & persistence tool for Kubernetes just came out called Kubernetes Spoofilizer. It allows attackers to quickly gain persistent access to a cluster in a few different ways after compromising the cluster 🧵

I'm releasing research soon detailing a technique to take over Kubernetes clusters. It allows running arbitrary commands in EVERY pod in the cluster using only a commonly granted "read only" RBAC permission. Oh and it's not logged by Kubernetes AuditPolicy 👀

I've pushed the release date of this research for a maximum of one more month for reasons that will hopefully be apparent once it's released, stay tuned :)

I have some very exciting news. The Low Orbit Security Radar Newsletter will return this Monday. The content will continue to be weekly analysis of the security industry from my offensive security perspective tailored to just the important ideas. I very much missed writing this :)

$ radar --status SIGNAL: REACQUIRED LAST_TX: 01/27/2025 STATUS: OPERATIONAL [Low Orbit Radar, back online]