Skip to content

Bash or cmd inside container


ID: MS-TA9007
Tactic: Execution
MITRE technique: T1059

Attackers who have permissions to run a cmd/bash script inside a container can use it to execute malicious code and compromise cluster resources.


ID Mitigation Description
MS-M9011 Restrict Container Runtime using LSM Restrict container runtime capabilities using LSM.
MS-M9012 Remove Tools from Container Images Remove bash and other terminals from container images.