⚠️ Pracivo Security Lab — Docker escape, Kubernetes misconfig, CI/CD secret exposure, supply chain attacks.
Container & DevOps Attack Surface
| Attack | Target | Impact |
|---|
| Exposed Docker Socket | docker.sock mounted in container | Full host escape — root on host |
| Privileged Container | --privileged flag | Mount host filesystem — root on host |
| K8s RBAC Misconfig | Overpermissive ServiceAccount | Cluster admin takeover |
| CI/CD Secret Exposure | GitHub Actions / Jenkins | Cloud keys, deploy tokens, DB passwords |
| Supply Chain Attack | Dependencies / base images | Backdoor deployed to all users |