YoVDO

Continuous Intrusion - Why CI Tools Are An Attacker's Best Friends

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Ethical Hacking Courses Privilege Escalation Courses Credential Theft Courses

Course Description

Overview

Explore the vulnerabilities of Continuous Integration (CI) tools from an attacker's perspective in this eye-opening Black Hat conference talk. Discover how these tools can serve as portals for gaining footholds and facilitating lateral movement within enterprise systems. Learn about various attack techniques, including command and script execution, credential theft, and privilege escalation, that can compromise not only the build process but also the underlying operating system and entire Windows domains. Through live demonstrations, examine how both open-source and proprietary CI tools can be exploited using their inherent features, without relying on memory corruption bugs. Gain valuable insights into the security risks associated with CI tools and understand why they are considered an attacker's best friend due to their poor security controls, distributed build management capabilities, and high-level access privileges in enterprise environments.

Syllabus

Continuous Intrusion: Why CI Tools Are An Attacker's Best Friends


Taught by

Black Hat

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Enterprise Security Fundamentals
Microsoft via edX
Penetration Testing - Post Exploitation
New York University (NYU) via edX
Ultimate Ethical Hacking and Penetration Testing (UEH)
Udemy
Hands-on Penetration Testing Labs 4.0
Udemy