Hackers of India

Continuous Intrusion: Why CI tools are an Attacker’s Best Friends

By  Nikhil Mittal  on 13 Nov 2015 @ Blackhat


Presentation Material

Abstract

Continuous Integration (CI) tools provide an excellent attack surface due to the no/poor security controls, distributed build management capability, and level of access/privileges in an enterprise.

This talk looks at the CI tools from an attacker’s perspective and to use them as portals for getting a foothold and lateral movement. We will see how to execute attacks like command and script execution, credentials stealing, privilege escalation to not only compromise the build process but the underlying operating system and even entire Windows domains. No memory corruption bugs will be exploited and only the features of the CI tools will be used.

Popular CI tools, open source as well as proprietary will be the targets. The talk will be full of live demonstrations.