IceKube

IceKube copied to clipboard

Need to figure out how to support making attack paths that could have more than one source node as part of the attack. Mainly used when you can compromise two nodes, and work them together to pivot elsewhere.

For example, RBAC_ESCALATE_TO is currently based on updating the role that grants the role edit/escalate permissions effectively. However, realistically you could also update another role which you have access to from another node within the chain. At which point the two sources are (1) the role binding that grants edit/escalate on a random role, and (2) a role binding for that random role