Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hacking the DevOps Butler - From Nothing to Admin

Hack In The Box Security Conference via YouTube

Overview

Explore the vulnerabilities in Jenkins, the popular open-source automation server, in this 53-minute conference talk from Hack In The Box Security Conference. Dive into the research process that uncovered six CVEs, focusing on two critical vulnerabilities that allow anonymous attackers to gain full admin privileges on Jenkins servers. Learn about the code reverse-engineering techniques used to discover these security flaws and the exploitation methods that can compromise entire Jenkins infrastructures. Gain insights into the importance of Jenkins in DevOps stacks of major organizations and understand the potential impact of these vulnerabilities on software delivery processes. Follow along as the speaker details the step-by-step approach to probing, analyzing, and exploiting Jenkins, providing valuable knowledge for cybersecurity professionals and DevOps engineers alike.

Syllabus

Intro
CI/CD PIPELINE
Jenkins in Numbers
Jenkins is useful!
Jenkins is Great!
Jenkins Integrations
Jenkins Needs Access to Secrets
Jenkins in the news: a complete takeover
Preliminary probing - JENKINS_HOME
Preliminary probing [2B]
Jenkins Script console
Shodan probing
probing summary
Jenkins access 2
Jenkins reverse engineering
Jenkins static code analysis
Code analysis summary
CVE 2018-1999043
Exploiting systematically

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Hacking the DevOps Butler - From Nothing to Admin

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.