Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Reverse Engineering and Exploiting Builds in the Cloud

Black Hat via YouTube

Overview

Explore the security vulnerabilities in multi-tenant cloud build environments and container-based CI/CD pipelines in this 47-minute Black Hat conference talk. Gain a concise introduction to Continuous Integration, Delivery, and Deployment (CI/CD) and containers from a hacker's perspective. Discover various security pitfalls through live demonstrations, including reverse engineering techniques and exploitation methods. Learn about potential attack scenarios, supply chain attacks, and the impact of compromised build environments. Understand remediation strategies, component verification, and best practices for securing CI/CD processes. Delve into topics such as evil forks, OCR image attacks, and the power of commands in containers. Equip yourself with knowledge to enhance the security of cloud-based software development and deployment workflows.

Syllabus

Intro
Shoutouts
Heroku Engineering
What is CICD
CICD Components
Common Deployment Patterns
Fully Multitenant
Single Tenant
Networking
Virtual Network
Add Directive
Demo
Whats the impact
Remediation
Assumptions
Power of Command
Commands in Containers
Orchestrators Fail
Component Verification
Supply Chain Attacks
Potential Attack Scenario
Build Environments
How do we do this
Demo OCR Image
Demo OCR Image Containers
Evil Forks
Cheat Sheets
Conclusion
Supply chain security
Wrapup
Multitenancy
Research
Thank you

Taught by

Black Hat

Reviews

Start your review of Reverse Engineering and Exploiting Builds in the Cloud

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.