YoVDO

Reverse Engineering and Exploiting Builds in the Cloud

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Continuous Deployment Courses Continuous Integration Courses Cloud Security Courses Supply Chain Attacks Courses Container Security Courses Multi-Tenancy Courses

Course Description

Overview

Explore the security vulnerabilities in multi-tenant cloud build environments and container-based CI/CD pipelines in this 47-minute Black Hat conference talk. Gain a concise introduction to Continuous Integration, Delivery, and Deployment (CI/CD) and containers from a hacker's perspective. Discover various security pitfalls through live demonstrations, including reverse engineering techniques and exploitation methods. Learn about potential attack scenarios, supply chain attacks, and the impact of compromised build environments. Understand remediation strategies, component verification, and best practices for securing CI/CD processes. Delve into topics such as evil forks, OCR image attacks, and the power of commands in containers. Equip yourself with knowledge to enhance the security of cloud-based software development and deployment workflows.

Syllabus

Intro
Shoutouts
Heroku Engineering
What is CICD
CICD Components
Common Deployment Patterns
Fully Multitenant
Single Tenant
Networking
Virtual Network
Add Directive
Demo
Whats the impact
Remediation
Assumptions
Power of Command
Commands in Containers
Orchestrators Fail
Component Verification
Supply Chain Attacks
Potential Attack Scenario
Build Environments
How do we do this
Demo OCR Image
Demo OCR Image Containers
Evil Forks
Cheat Sheets
Conclusion
Supply chain security
Wrapup
Multitenancy
Research
Thank you


Taught by

Black Hat

Related Courses

AZ-500: Microsoft Azure Security Technologies (LA)
A Cloud Guru
Kubernetes Security
A Cloud Guru
Scenario Based Docker Security
A Cloud Guru
Scenario Based LXD/LXC Security
A Cloud Guru
Secure Container Host Operating System
A Cloud Guru