Controlling the Source: Abusing Source Code Management Systems
Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory. SCM systems are used in the majority of organizations to manage source code and integrate with other systems within the enterprise as part of the DevOps pipeline, such as CI/CD systems like Jenkins. These SCM systems provide attackers with opportunities for software supply chain attacks and can facilitate lateral movement and privilege escalation throughout an organization. This presentation will include a background on SCM systems, along with detailing ways to abuse some of the most popular SCM systems such as GitHub Enterprise, GitLab Enterprise and Bitbucket to perform various attack scenarios. These attack scenarios will include reconnaissance, manipulation of user roles, repository takeover, pivoting to other DevOps systems, user impersonation and maintaining persistent access. Additionally, there will be a public release of open-source tooling to perform and facilitate these attacks, along with defensive guidance for protecting these SCM systems.
By: Brett Hawkins
Full Abstract & Presentation Materials: #controlling-the-source-abusing-source-code-management-systems-26423