Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Attacking Development Pipelines for Actual Profit

44CON Information Security Conference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the vulnerabilities in CI/CD pipelines and learn how to exploit them for profit in this 25-minute conference talk from the 44CON Information Security Conference. Dive into real-world issues involving Perforce, network storage, and cross-instance compromise. Discover methodologies for secret management, report manipulation, and deployment exploitation. Examine practical tools like SSH reverse shells and research servers. Analyze a classic DNS rebinding attack on web hooks. Gain valuable insights into attacking development pipelines and understand the potential risks and rewards associated with these security weaknesses.

Syllabus

Introduction
CI/CD Pipelines?
CI/CD: Command Execution as a Service
Methodology - Definition
IRL Issue: Perforce
IRL Issue: Network Storage
Methodology - Execution
Tooling - SSHReverse Shell
IRL Issue: Cross Instance Compromise
Methodology - Secret Management
IRL Issue: VMware guestinfo variables
Methodology - Reports
Tooling - Research Servers
IRL Issue: Web Hook - Classic DNS Rebinding
Methodology - Deployment
Summary

Taught by

44CON Information Security Conference

Reviews

Start your review of Attacking Development Pipelines for Actual Profit

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.