Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Attacking Development Pipelines for Actual Profit

44CON Information Security Conference via YouTube

Start learning Write review
Coursera Ad

Google, IBM & Microsoft Certificates — All in One Plan

Learn More → Corporate Finance Institute Ad

Finance Certifications Goldman Sachs & Amazon Teams Trust

Learn More →

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore the vulnerabilities in CI/CD pipelines and learn how to exploit them for profit in this 25-minute conference talk from the 44CON Information Security Conference. Dive into real-world issues involving Perforce, network storage, and cross-instance compromise. Discover methodologies for secret management, report manipulation, and deployment exploitation. Examine practical tools like SSH reverse shells and research servers. Analyze a classic DNS rebinding attack on web hooks. Gain valuable insights into attacking development pipelines and understand the potential risks and rewards associated with these security weaknesses.

Syllabus

Introduction
CI/CD Pipelines?
CI/CD: Command Execution as a Service
Methodology - Definition
IRL Issue: Perforce
IRL Issue: Network Storage
Methodology - Execution
Tooling - SSHReverse Shell
IRL Issue: Cross Instance Compromise
Methodology - Secret Management
IRL Issue: VMware guestinfo variables
Methodology - Reports
Tooling - Research Servers
IRL Issue: Web Hook - Classic DNS Rebinding
Methodology - Deployment
Summary

Taught by

44CON Information Security Conference

Reviews

Start your review of Attacking Development Pipelines for Actual Profit

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.