Rule Info
Name
Kubernetes Admission Controller Modification
Author
kelnage
Description
Detects create, update or replace actions that affect mutating or validating webhook configurations, since an adversary can use these configurations to achieve persistence or exfiltrate access credentials.
Date
2024-07-11 00:00:00
Modified
None
Id
eed82177-38f5-4299-8a76-098d50d225ab
Tags
attack.persistence attack.t1078 attack.credential-access attack.t1552 attack.t1552.007 DEMO
Type
Community Rule