Day 21

DevSecOps Yule be Poisoned: A Pipeline of Insecure Code!

Learning Objectives

• Understand how a larger CI/CD environment operates.

• Explore indirect poisoned pipeline execution (PPE) and how it can be used to exploit Git.

• Apply CI/CD exploitation knowledge to the larger CI/CD environment.

This room is again a very straightforward one with all commands and instructions already given. We just need to follow along and run them.

What Linux kernel version is the Jenkins node?
[REDACTED]

Make changes to 'Makefile' and after pushing, run a build.

What value is found from /var/lib/jenkins/secret.key?
[REDACTED]

Make changes to 'Makefile' and after pushing, run a build.