Scaling Up Offensive Pipelines

Explore the essentials of offensive pipelines and discover an innovative approach to empower red team and purple team operations in this conference talk from Hack In The Box Security Conference. Learn about the challenges solved and how to leverage an offensive CI/CD framework to automate tasks related to offensive tools weaponization. Delve into the design and implementation of a modular, self-managed, and collaborative offensive CI/CD pipeline framework that utilizes Infrastructure as Code (IaC) to fully automate deployment. Understand how the framework incorporates built-in recipes for evading host and network detections, and how it can be customized to fit specific requirements or imitate threat actor TTPs. Gain insights into the use of Gitlab CI/CD and Kubernetes clusters for building and deploying offensive tools at scale. The talk covers topics such as pipeline recipes, infrastructure scalability, Gitlab CI implementation, artifact management, reporting, and cloud cost considerations.