YoVDO

RCE-as-a-Service - Lessons Learned from 5 Years of Real-World CI-CD Pipeline Compromise

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Remote Code Execution (RCE) Courses Vulnerability Assessment Courses CI/CD Pipelines Courses Remote Code Execution Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the critical security vulnerabilities in CI/CD pipelines through this 39-minute Black Hat conference talk. Discover why these pipelines represent the most dangerous potential attack surface in the software supply chain. Learn about commonly used technologies, their applications, and why they are prime targets within a company's infrastructure. Examine specific examples and live demonstrations of novel abuses of intended functionality in automated pipelines, showcasing how build pipelines can be transformed from developer utilities into Remote Code Execution-as-a-Service. Gain valuable insights from Iain Smart and Viktor Gazdag's five years of real-world experience in CI/CD pipeline compromise.

Syllabus

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise


Taught by

Black Hat

Related Courses

Cloud DevOps Engineer
Udacity DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX Docker - SWARM - Hands-on - DevOps
Udemy Docker and Kubernetes: The Complete Guide
Udemy