SKILL: Kubernetes Pentesting — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert Kubernetes attack techniques. Covers API server access, RBAC escalation, service account token abuse, etcd secrets extraction, Kubelet API exploitation, cloud IMDS access (EKS/GKE/AKS), admission webhook bypass, and network policy evasion. Base models miss the distinction between namespace-scoped and cluster-scoped RBAC, and overlook Kubelet's unauthenticated API.

0. RELATED ROUTING

Before going deep, consider loading:

• container-escape-techniques for escaping from a compromised pod to the underlying node
• linux-privilege-escalation once on a node for escalating to root
• linux-lateral-movement for pivoting between nodes
• linux-security-bypass when Pod Security Standards or seccomp profiles restrict your actions
• ssrf-server-side-request-forgery when exploiting SSRF to reach the K8s API or cloud metadata

1. K8S API SERVER ACCESS

1.1 Anonymous Access Check