YoVDO

RCE-as-a-Service - Lessons Learned from 5 Years of Real-World CI-CD Pipeline Compromise

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Remote Code Execution (RCE) Courses Vulnerability Assessment Courses CI/CD Pipelines Courses Remote Code Execution Courses Attack Surface Analysis Courses

Course Description

Overview

Explore the critical security vulnerabilities in CI/CD pipelines through this 39-minute Black Hat conference talk. Discover why these pipelines represent the most dangerous potential attack surface in the software supply chain. Learn about commonly used technologies, their applications, and why they are prime targets within a company's infrastructure. Examine specific examples and live demonstrations of novel abuses of intended functionality in automated pipelines, showcasing how build pipelines can be transformed from developer utilities into Remote Code Execution-as-a-Service. Gain valuable insights from Iain Smart and Viktor Gazdag's five years of real-world experience in CI/CD pipeline compromise.

Syllabus

RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise


Taught by

Black Hat

Related Courses

CompTIA PenTest+ Certification
A Cloud Guru AWS SimuLearn: Cyber Security Threats
Amazon Web Services via AWS Skill Builder Ethical Hacking
Cabrillo College via California Community Colleges System Network Security
City College of San Francisco via California Community Colleges System Ethical Hacking
Chaffey College via California Community Colleges System