Continuous Intrusion - Why CI Tools Are An Attacker's Best Friends
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the vulnerabilities of Continuous Integration (CI) tools from an attacker's perspective in this eye-opening Black Hat conference talk. Discover how these tools can serve as portals for gaining footholds and facilitating lateral movement within enterprise systems. Learn about various attack techniques, including command and script execution, credential theft, and privilege escalation, that can compromise not only the build process but also the underlying operating system and entire Windows domains. Through live demonstrations, examine how both open-source and proprietary CI tools can be exploited using their inherent features, without relying on memory corruption bugs. Gain valuable insights into the security risks associated with CI tools and understand why they are considered an attacker's best friend due to their poor security controls, distributed build management capabilities, and high-level access privileges in enterprise environments.
Syllabus
Continuous Intrusion: Why CI Tools Are An Attacker's Best Friends
Taught by
Black Hat
Related Courses
CNIT 127: Exploit DevelopmentCNIT - City College of San Francisco via Independent Enterprise Security Fundamentals
Microsoft via edX Penetration Testing - Post Exploitation
New York University (NYU) via edX Ultimate Ethical Hacking and Penetration Testing (UEH)
Udemy Hands-on Penetration Testing Labs 4.0
Udemy