YoVDO

RCE-as-a-Service - Lessons Learned from 5 Years of Real-World CI-CD Pipeline Compromise

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Remote Code Execution (RCE) Courses Vulnerability Assessment Courses CI/CD Pipelines Courses Remote Code Execution Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the critical security vulnerabilities in CI/CD pipelines through this 39-minute Black Hat conference talk. Discover why these pipelines represent the most dangerous potential attack surface in the software supply chain. Learn about commonly used technologies, their applications, and why they are prime targets within a company's infrastructure. Examine specific examples and live demonstrations of novel abuses of intended functionality in automated pipelines, showcasing how build pipelines can be transformed from developer utilities into Remote Code Execution-as-a-Service. Gain valuable insights from Iain Smart and Viktor Gazdag's five years of real-world experience in CI/CD pipeline compromise.

Syllabus

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise


Taught by

Black Hat

Related Courses

Burp Suite - Basic Concepts for Web Pentesting
YouTube Rawr - Rapid Assessment of Web Resources
YouTube Analyzing & Breaking QNX Exploit Mitigations and PRNGs for Embedded Systems
Black Hat via YouTube Fuzzing File System Implementations to Uncover Security Bugs
Hack In The Box Security Conference via YouTube Building an AppSec Program from the Ground Up - An Honest Retrospective
LASCON via YouTube