Thursday, December 28, 2023

TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 21 )

 

Day 21 - "Yule be Poisoned: A Pipeline of Insecure Code!"

The learning objectives for day 21 were:

  • Understand how a larger CI/CD environment operates.
  • Explore indirect poisoned pipeline execution (PPE) and how it can be used to exploit Git.
  • Apply CI/CD exploitation knowledge to the larger CI/CD environment.

In this task we poisoned the pipeline and we had to find certain information , we did this by cloning the repository and since the repository containing the source was not write-protected. we modified the pipeline file to execute the commands that gave us the required information.

Click here to see the tutorial.


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

MY EXPERIENCE ON ADVENT OF CYBER 2023

  Tryhackme’s advent of cyber 2023 was a great experience, it was very beginner friendly and they provided well setup labs with a storyline ...