YoVDO

Controlling the Source - Abusing Source Code Management Systems

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Privilege Escalation Courses Lateral Movement Courses Bitbucket Courses Reconnaissance Courses Software Supply Chain Attacks Courses

Course Description

Overview

Explore the vulnerabilities and attack vectors in Source Code Management (SCM) systems in this 37-minute Black Hat conference talk. Delve into the critical role SCM systems play in organizations and their integration with DevOps pipelines. Discover how attackers can exploit these systems for software supply chain attacks, lateral movement, and privilege escalation. Learn about attack scenarios targeting popular SCM platforms like GitHub Enterprise, GitLab Enterprise, and Bitbucket, including reconnaissance techniques, user role manipulation, repository takeover, pivoting to other DevOps systems, user impersonation, and maintaining persistent access. Gain insights into open-source tooling for performing these attacks and receive defensive guidance to protect SCM systems. Presented by Brett Hawkins, this talk highlights the often-overlooked security aspects of SCM systems compared to other critical enterprise systems.

Syllabus

Controlling the Source: Abusing Source Code Management Systems


Taught by

Black Hat

Related Courses

The Evolution of the Software Supply Chain Attack
Pluralsight AI and Cybersecurity - The Twain Shall Meet
CAE in Cybersecurity Community via YouTube Whom Do You Trust - MSPs and Other Forgotten Risks for SMBs
RSA Conference via YouTube Code Dependency - Chinese APTs in Software Supply Chain Attacks
BSidesLV via YouTube A Critical Assessment of Supply Chain Intrusion Vectors
BruCON Security Conference via YouTube