Pivot to cloud provider APIs using pod credentials - Access secrets stores (etcd, external vaults) - Demonstrate data exfiltration paths - Document complete attack chains