Attacking DevOps Pipelines
Workshop Abstract
This training lab will walk students through practical, field-tested red team attacks against popular DevOps platforms. Students will get hands-on as they attack the fictitious World of Baseball Analysis (WOBA) LLC, a leader in advanced baseball scouting and research. Students will be taught how to identify escalation pathways through software development pipelines, CI/CD systems, and automation frameworks as they try to gain access to WOBA's intellectual property and flagship software platform.
Students will be exposed to TTPs pulled from real-world adversary simulations against source code repositories, build servers, credential vaults, automation tools, and Infrastructure-as-Code (IaC) platforms.
Requirements:
A laptop with an OpenVPN client, browser, and RDP/SSH client. Students will receive an OpenVPN configuration file that provides access to the training environment.
Attendee cap:
50
Date & Time
September 8, 2023 | 9:00 AM - 1:00 PM
Location
In-Person
Jefferson Community and Technical College (JCTC) - 110 W Chestnut St, Louisville, KY 40202
Your Instructors
Tom Porter
Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for Accenture’s FusionX Red Team.
Colbert Zhu
Colbert Zhu is an offensive security consultant with experience in penetration testing, purple teams, and objective-based adversary simulations. Colbert is also an avid Yankees fan and fond of making Excel spreadsheets for fantasy baseball.
