S.E.Reborn (@S_E_Reborn): 👨‍💻 Attacking Against DevOps Environment. • • • • • • • • • • • • • • • • … - Message #5693
S.E.Reborn
A+ @S_E_Reborn
Copyright: @SEAdm1n

Вакансии: @infosec_work

Информационная безопасность. Литература для ИТ специалистов. Пентест, OSINT, СИ, DevOps, Администрирование.

Сотрудничество - @SEAdm1n

РКН: https://vk.cc/cN3VEF
View in Telegram
Blog
About
User Agreement
Download Telegram
S.E.Reborn
22K subscribers
S.E.Reborn
Attacking Against DevOps Environment.

SCM AUTHENTICATION;
CI/CD service authentication;
Organization’s public repositories;
Configured webhooks;
Configured webhooks;
Direct PPE (d-PPE);
Indirect PPE (i-PPE);
Public PPE;
Public dependency confusion;
Public package** hijack (“repo-jacking”);
Typosquatting;
DevOps resources compromise;
Changes in repository;
Inject in Artifacts;
Modify images in registry;
Create service credentials;
Secrets in private repositories;
Commit/push to protected branches;
Certificates and identities from metadata services;
User Credentials;
Service Credentials;
Compromise build artifacts;
Registry injection;
Spread to deployment resources;
Service logs manipulation;
Compilation manipulation;
Reconfigure branch protections;
DDoS;
Cryptocurrency mining;
Local DoS;
Resource deletion;
Clone private repositories;
Pipeline logs;
Exfiltrate data from production resources.

➡️ https://blog.devsecopsguides.com

#DevOps
3
3.1K views 110 forwards
View in Telegram
S.E.Reborn
A+ @S_E_Reborn
Copyright: @SEAdm1n

Вакансии: @infosec_work

Информационная безопасность. Литература для ИТ специалистов. Пентест, OSINT, СИ, DevOps, Администрирование.

Сотрудничество - @SEAdm1n

РКН: https://vk.cc/cN3VEF