Found 2 bookmarks
Custom sorting
GitHub - Aetsu/OffensivePipeline: OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
GitHub - Aetsu/OffensivePipeline: OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. - GitHub - Aetsu/OffensivePipeline: OfensivePipe...
·github.com·
GitHub - Aetsu/OffensivePipeline: OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
10 real-world stories of how we’ve compromised CI/CD pipelines
10 real-world stories of how we’ve compromised CI/CD pipelines
Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small. In this post, we will share some of our war stories about what we have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying, “they are execution engines"
·research.nccgroup.com·
10 real-world stories of how we’ve compromised CI/CD pipelines