Continuous Intrusion: Why CI Tools Are An Attacker's Best Friends

by Nikhil Mittal

Continuous Integration (CI) tools provide an excellent attack surface due to the no/poor security controls, distributed build management capability, and level of access/privileges in an enterprise.

This talk looks at the CI tools from an attacker's perspective and to use them as portals for getting a foothold and lateral movement. We will see how to execute attacks like command and script execution, credentials stealing, privilege escalation to not only compromise the build process but the underlying operating system and even entire Windows domains. No memory corruption bugs will be exploited and only the features of the CI tools will be used.

Popular CI tools, open source as well as proprietary will be the targets. The talk will be full of live demonstrations.

Continuous Intrusion: Why CI Tools Are An Attacker's Best Friends blackhat 2015
7 Likes	7 Dislikes
2,067 views views	117K followers
People & Blogs	Upload TimePublished on 5 Mar 2016

Related keywords

1. infosec news
2. information security manager
3. blackhat asia 2019
4. blackhat 2019
5. infosec twitter
6. blackhat 2018
7. black hat seo technique
8. blackhat europe
9. blackhat badger sekiro
10. black hat x reader
11. black hat cartoon
12. black hat x dr flug
13. cyber securityとは
14. blackhat conference 2019
15. cyber security cloud
16. black hat full movie
17. blackhat badger
18. blackhat forum
19. information security foundation 勉強
20. infosec rotkreuz
21. cyber security framework
22. information security policy template
23. infosecurity utrecht
24. infosec ups system
25. cyber security news
26. cyber security act
27. infosecurity
28. blackhat full movie
29. infosec blog
30. black hat badger
31. information security foundation 参考書
32. information security management system
33. cyber security conference
34. black hat seo
35. cyber security pro
36. black hat movie
37. blackhat imdb
38. infosec podcast
39. black hat cast
40. cyber security pro 新しいネットワークが検出されました
41. cyber security cloud managed rules
42. cyber security measures
43. information security governance
44. infosec global
45. infosecurity europe 2020
46. infosec health
47. infosec magazine
48. information security 日本語
49. infosec 19
50. black hat anime
51. information security foundation
52. infosecurity magazine
53. cyber security tokyo
54. black hat meaning
55. black hatch
56. information security definition
57. information security pdf
58. infosec europe 2019
59. cyber security market
60. infosec institute
61. infosec 2019 london
62. information security foundation 難易度
63. black hatch gamefowl
64. cyber security management system
65. information security certifications
66. blackhat film
67. cyber security pro アンインストール
68. information security specialist
69. cyber security 意味
70. cyber security analyst
71. information security policy
72. black hat usa 2019
73. information security forum
74. information security news
75. infosec conferences
76. information security officer
77. infosekta
78. cyber security japan
79. blackhat trailer
80. information security analyst
81. cyber security university
82. black hat hacker
83. black hat forum
84. cyber security company
85. black hat hacking
86. black hat villainous
87. blackhat conference
88. information security foundation based on iso/iec 27001
89. blackhat usa
90. cyber security report
91. blackhatworld
92. black hat x demencia
93. information security management
94. blackhat cast
95. black hat 2019
96. infosec reactions