MITRE technique: T1543
Attackers run their malicious code in a container in the cluster. By using Kubernetes controllers such as DaemonSets or Deployments, attackers can ensure that a constant number of containers run on one, or all, of the nodes in the cluster.

| ID | Mitigation | Description |
|---|---|---|
| MS-M9003 | Adhere to least-privilege principle | Prevent unnecessary users and service accounts from creating new pods and controllers. |
| MS-M9013 | Restrict overly permissive containers | Restrict overly permissive containers in the cluster using an admission controller. |
| MS-M9005.003 | Gate images deployed to Kubernetes cluster | Restrict deployment of new containers to those from a trusted supply chain. |
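
To check the least-privilege mitigation (MS-M9003) in practice, the following added example (not part of the original page) audits RBAC objects and lists every subject that can write pods, DaemonSets or Deployments. The function names and the sample objects are constructed for illustration; treating `update` and `patch` as risky alongside `create` is an assumption that goes slightly beyond the page's wording.

```python
import json

# Resources that start containers: pods plus the controllers named on this page.
WORKLOADS = {("", "pods"), ("apps", "daemonsets"), ("apps", "deployments")}
# Assumption: update/patch count too, since they can replace an existing pod template.
WRITE_VERBS = {"create", "update", "patch", "*"}

def rule_grants(rule):
    """Workload (apiGroup, resource) pairs that one RBAC rule lets a subject write."""
    if not WRITE_VERBS & set(rule.get("verbs", [])):
        return set()
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    return {(g, r) for g, r in WORKLOADS
            if ("*" in groups or g in groups) and ("*" in resources or r in resources)}

def workload_writers(objects):
    """Map each bound subject to the (scope, resource) pairs it can write."""
    roles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            key = (o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"])
            roles[key] = set().union(*map(rule_grants, o.get("rules") or []))
    findings = {}
    for o in objects:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref, meta = o["roleRef"], o["metadata"]
        role_ns = meta.get("namespace", "") if ref["kind"] == "Role" else ""
        granted = roles.get((ref["kind"], role_ns, ref["name"]), set())
        scope = meta.get("namespace", "*")  # "*" marks a cluster-wide binding
        for s in (o.get("subjects") or []) if granted else []:
            who = f'{s["kind"]}/{s.get("namespace", "-")}/{s["name"]}'
            findings.setdefault(who, set()).update((scope, r) for _, r in granted)
    return findings

# Constructed sample, shaped like the items array of `kubectl get ... -o json` output.
SAMPLE = json.loads("""[
 {"kind":"ClusterRole","metadata":{"name":"ci-deployer"},
  "rules":[{"apiGroups":["apps"],"resources":["*"],"verbs":["create","get"]}]},
 {"kind":"Role","metadata":{"name":"viewer","namespace":"web"},
  "rules":[{"apiGroups":["","apps"],"resources":["pods","deployments"],"verbs":["get","list"]}]},
 {"kind":"ClusterRoleBinding","metadata":{"name":"ci-all"},"roleRef":{"kind":"ClusterRole","name":"ci-deployer"},
  "subjects":[{"kind":"ServiceAccount","namespace":"ci","name":"builder"}]},
 {"kind":"RoleBinding","metadata":{"name":"web-view","namespace":"web"},"roleRef":{"kind":"Role","name":"viewer"},
  "subjects":[{"kind":"User","name":"alice"}]}
]""")

if __name__ == "__main__":
    print(workload_writers(SAMPLE))
```

On the sample, only the `builder` service account is reported, because its wildcard resource rule in the `apps` group covers DaemonSets and Deployments cluster-wide; the read-only `viewer` role produces no finding.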