# KubeShadow (Advanced Offensive Kubernetes Red-Team Framework)

By: Aashita Pandey, Binayak Choudhury

Conference: Blackhat
Year: 2026
Date: 2026-04-24

Tags: kubernetes, red-teaming, cloud-pentesting, container-security


## Resources
- Conference Link: https://blackhat.com/asia-26/arsenal/schedule/index.html#kubeshadow-advanced-offensive-kubernetes-red-team-framework-50286
- Source Code: https://github.com/ashifly/KubeShadow



KubeShadow is a Go-based, modular red-team framework engineered to simulate end-to-end adversary kill-chains against Kubernetes (EKS, GKE, AKS and self-hosted) with precision and operational fidelity. It combines a powerful recon engine, graph-based chaining, and a plugin architecture that houses control-plane and workload exploitation modules (etcd injection, kubelet hijack, sidecar/init-container injection, RBAC escalation, ephemeral container attacks), multi-cloud identity pivoting, and flexible exfiltration adapters. Built-in lab manifests and safe execution flags enable reproducible PoCs and purple-team exercises, while the interactive dashboard and attack map correlate findings, link raw command outputs, and produce prioritized remediation guidance. KubeShadow is designed for authorized adversary emulation and defender validation - to measure real impact, harden controls, and close the gaps modern cloud-native deployments expose.