YoVDO

RCE-as-a-Service - Lessons Learned from 5 Years of Real-World CI-CD Pipeline Compromise

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Remote Code Execution (RCE) Courses Vulnerability Assessment Courses CI/CD Pipelines Courses Remote Code Execution Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the critical security vulnerabilities in CI/CD pipelines through this 39-minute Black Hat conference talk. Discover why these pipelines represent the most dangerous potential attack surface in the software supply chain. Learn about commonly used technologies, their applications, and why they are prime targets within a company's infrastructure. Examine specific examples and live demonstrations of novel abuses of intended functionality in automated pipelines, showcasing how build pipelines can be transformed from developer utilities into Remote Code Execution-as-a-Service. Gain valuable insights from Iain Smart and Viktor Gazdag's five years of real-world experience in CI/CD pipeline compromise.

Syllabus

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise


Taught by

Black Hat

Related Courses

Evaluación de peligros y riesgos por fenómenos naturales
Universidad Nacional Autónoma de México via Coursera Internet Security
openHPI Planning a Security Incident Response
Microsoft via edX Cyber Security
CEC via Swayam Ethical Hacking
Indian Institute of Technology, Kharagpur via Swayam