Represents a network endpoint exposed by a container that could be exploited by an attacker (via means known or unknown). This can correspond to a Kubernetes service, node service, node port, or container port.
|Endpoint||Container||Exploitation of Remote Services, T1210|
Exposed endpoints represent the most common entry point for attackers into a cluster.
A network endpoint exposed by a container.
Endpoints exposed outside the cluster can be queried via
Alternatively open ports can be discovered by traditional port scanning techniques or a tool like KubeHunter
This edge simply indicates that an endpoint is exposed by a container. It does not signal that the endpoint is exploitable but serves as a useful starting point for path traversal queries.