K-ETCD-OPENInitial Access

etcd Exposed Without Auth

etcd on 2379/2380 without --client-cert-auth — read every secret in the cluster.

§ Where this technique fits

K-ETCD-OPEN is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Exposed etcd → cluster-wide secret raid
etcd is reachable without mTLS — read every Secret in the cluster including service-account tokens that grant cluster-admin.
step 2 / 6

§ What commonly comes next

01
Unsecured Credentials
T1552 · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Exposed etcd → cluster-wide secret raid

§ What commonly comes next