TryHackMe Advent of Cyber 2023 | [Day 21] DevSecOps Yule be Poisoned: A Pipeline of Insecure Code!

Video Link: https://www.youtube.com/watch?v=rxYp_0GlPvQ



Duration: 28:10


Skip to answers: 20:17

Get started with Cyber Security in 24 Days - Learn the basics by doing a new, beginner-friendly security challenge every day leading up to Christmas.

Watch these streams live over on Twitch at [https://www.twitch.tv/msec](https://www.twitch.tv/msec)

If you want to get £5 credit when signing up to a TryHackMe subscription then please use my referral code: [https://tryhackme.com/signup?referrer=607d626582258725e9bc2bf6](https://tryhackme.com/signup?referrer=607d626582258725e9bc2bf6)

[Day 21] DevSecOps Yule be Poisoned: A Pipeline of Insecure Code!

In today’s task, you will:
* Understand how a larger CI/CD environment operates.
* Explore indirect poisoned pipeline execution (PPE) and how it can be used to exploit Git.
* Apply CI/CD exploitation knowledge to the larger CI/CD environment.

Extra Reading:
* https://git-scm.com/docs
* https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow
* https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-04-Poisoned-Pipeline-Execution

The Advent of Cyber 2023 room URL is: [https://tryhackme.com/room/adventofcyber2023](https://tryhackme.com/room/adventofcyber2023)






