YoVDO

RCE-as-a-Service - Lessons Learned from 5 Years of Real-World CI-CD Pipeline Compromise

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Remote Code Execution (RCE) Courses Vulnerability Assessment Courses CI/CD Pipelines Courses Remote Code Execution Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the critical security vulnerabilities in CI/CD pipelines through this 39-minute Black Hat conference talk. Discover why these pipelines represent the most dangerous potential attack surface in the software supply chain. Learn about commonly used technologies, their applications, and why they are prime targets within a company's infrastructure. Examine specific examples and live demonstrations of novel abuses of intended functionality in automated pipelines, showcasing how build pipelines can be transformed from developer utilities into Remote Code Execution-as-a-Service. Gain valuable insights from Iain Smart and Viktor Gazdag's five years of real-world experience in CI/CD pipeline compromise.

Syllabus

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise


Taught by

Black Hat

Related Courses

Bug Bounty In Hindi
YouTube CVE Series: Confluence RCE (CVE-2022-26134)
Cybrary Achieving Linux Kernel Code Execution Through a Malicious USB Device
Black Hat via YouTube Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime
Black Hat via YouTube Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube