https://detection.fyi/tags/attack.t1613/ Recent content in attack.t1613 on Detection.FYI Hugo -- gohugo.io Mon, 27 Apr 2026 22:43:10 +0000 https://detection.fyi/sigmahq/sigma/application/kubernetes/audit/kubernetes_audit_potential_enumeration_activity/ Mon, 27 Apr 2026 22:43:10 +0000 https://detection.fyi/sigmahq/sigma/application/kubernetes/audit/kubernetes_audit_potential_enumeration_activity/ Detects potential Kubernetes enumeration or attack activity via the audit log. This includes the execution of common shells, utilities, or specialized tools like 'Rakkess' (access_matrix) and 'TruffleHog' via Kubernetes API requests. Attackers use these methods to perform reconnaissance (enumeration), secret harvesting, or execute code (exec) within a cluster.