particular case the Kubernetes cluster stores secrets to redis instances, which will enable the attacker to establish a session to the master-0 redis pod. PoC Attacker has gained shell access to the Python namespace for secrets. chmod +x ./kubectl ./kubectl get secret --namespace default redis -o jsonpath="{.data.redis- password}" | base64 -d z7eIp0aMqP 2https://kubernetes.io/docs/concepts/services-n • The attacker now has the capability to use the netcat binary to interact with the protected redis instance and gain access to the configuration. Linux pythonapp-b57b5897c-gfwj4 4.15.0-1082-azure

Resource bindings: Output Microservice building blocks App “myApp” DynamoDB Redis Event Hubs CosmosDB Kafka Twilio Redis DynamoDB Kafka Twilio Event Hubs CosmosDB “frontend” “cart” Post htt building blocks App Get / Post http://localhost:8000/trigger { "user":"johndoe" } Redis SQS Event Hubs Kafka Redis Kafka SQS Event Hubs Resource triggers: Input Microservice building blocks Subscribe

"quantity":"50" } } App POST http://localhost:3500/v1.0/bindings/inventory DynamoDB Redis Event Hubs CosmosDB Kafka SQS Redis DynamoDB Kafka SQS Event Hubs CosmosDB Dapr State Management and Bindings Input bindings App GET/POST http://localhost:8000/trigger { "user":"johndoe" } Redis SQS Event Hubs Kafka Redis Kafka SQS Event Hubs Publishing & Subscribing POST http://localhost:3500/v1.0/publish/