Skip to content


The persistence tactic consists of techniques that are used by attackers to keep access to the cluster in case their initial foothold is lost.

ID Name
MS-TA9012 Backdoor container
MS-TA9013 Writable hostPath mount
MS-TA9014 Kubernetes CronJob
MS-TA9015 Malicious admission controller
MS-TA9016 Container service account
MS-TA9017 Static pods