ARMO rego library ARMO rego library for detecting miss-configurations in Kubernetes manifests NSA Framework MITRE ATT&CK® Framework Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Impact Using Cloud credentials Exec into container Backdoor container Privileged container Clear container logs List k8s secrets Access the K8S API server Access cloud resources Image from private registery Data Destruction Compromised Image in registery bash/cmd inside container Writable hostPath mount Cluster-admin binding Delete K8S events Mount service principal Access Kubelet API Container service account Resources Hijacking kubeconfig file New container kubernetes CronJob hostPath mount Pod/Container name similarity Access container service account Network mapping Cluster internal networking Denial of service Application vulnerability Application Exploit (RCE) Malicious admission controller Access cloud resources Connect from Proxy server Application credentials in configuration files Access kubernetes dashboard Application credentials in configuration Exposed Dashboard SSH server running insider container Access managed identity credentials instance Metadata API Writable volume mounts on the host Exposed sensitive interface Sidecar injection Malicious admission controller Access kubernetes dashboard access tiller endpoint CoreDNS poisoning ARP and IP spoofing