Mount service principal
Info
ID: MS-TA9026
Tactic: Credential Access
MITRE technique: T1552.001
When the cluster is deployed in the cloud, attackers can in some cases use their access to a container in the cluster to obtain cloud credentials. For example, in AKS each node holds a service principal credential.
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| MS-M9013 | Restrict over permissive containers | Block sensitive volume mounts using admission controller |
| MS-M9003 | Adhere to least-privilege principle | Grant minimal required permissions to service principals |
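The admission-controller mitigation above, as an added example (not code from the threat matrix or from any AKS component): a validating check that rejects Pod manifests whose hostPath volumes expose node directories holding credentials. The sensitive directory list and the sample manifests are assumptions constructed for this example; the page itself names no file path.

```python
import posixpath

# Node directories holding cloud or node credentials. Assumed list for this
# example: /etc/kubernetes is where node-level cloud-provider configuration
# usually lives, /var/lib/kubelet holds the kubelet's own credentials.
SENSITIVE_HOST_PATHS = ("/etc/kubernetes", "/var/lib/kubelet")


def exposes(mount_path: str, sensitive: str) -> bool:
    """True if a hostPath mount of mount_path reaches sensitive.

    The path itself, any ancestor ("/", "/etc") or any child counts. Both
    paths are normalised first so "/etc//kubernetes/../kubernetes/" does
    not slip past a plain string comparison. Symlinks on the node cannot be
    resolved at admission time, so this is a floor, not a complete control.
    """
    m = posixpath.normpath(mount_path)
    s = posixpath.normpath(sensitive)
    return m == s or s.startswith(m.rstrip("/") + "/") or m.startswith(s + "/")


def validate_pod(pod: dict) -> tuple[bool, list[str]]:
    """Return (allowed, reasons) for a Pod manifest given as a dict."""
    reasons = []
    for vol in (pod.get("spec") or {}).get("volumes") or []:
        path = (vol.get("hostPath") or {}).get("path", "")
        if not path:
            continue  # not a hostPath volume (emptyDir, configMap, ...)
        for sensitive in SENSITIVE_HOST_PATHS:
            if exposes(path, sensitive):
                reasons.append(f"volume {vol.get('name')!r}: hostPath {path!r} exposes {sensitive}")
                break
    return not reasons, reasons


def admission_response(uid: str, pod: dict) -> dict:
    """Wrap the verdict in the AdmissionReview shape a validating webhook returns."""
    allowed, reasons = validate_pod(pod)
    review = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
              "response": {"uid": uid, "allowed": allowed}}
    if not allowed:
        review["response"]["status"] = {"code": 403, "message": "; ".join(reasons)}
    return review


# Constructed sample manifests, not taken from any real cluster.
BAD_POD = {"spec": {"volumes": [{"name": "cfg", "hostPath": {"path": "/etc/kubernetes/../kubernetes/"}}]}}
GOOD_POD = {"spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}},
                                 {"name": "scratch", "emptyDir": {}}]}}

if __name__ == "__main__":
    print(admission_response("constructed-uid", BAD_POD)["response"])
```

The same rule is normally expressed in a policy engine rather than hand-written; the point of the check is the ancestor/child matching, which a simple equality test on the mount path would miss.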