Man you are insane, I am working as a DevOps Engineer and this has some unique insights, keep up the good work!
This was nothing more than someone just running printenv within a script. If you're a DevOps engineer you should know about the SolarWinds hacks that happened a few years ago; those were the real CI/CD and supply chain poisoning tactics.
@Knightfall23 Yeah, you are right bro. That guy must be an intern.
"Engineer": nobody's an engineer here. You're coders/programmers. "Engineer" is glorification. Like calling a garbage man a "refuse management specialist". Or a temp agency guy a "recruitment consultant". 🥳 By this labelling system I'd be an elite, veteran director of software architecture. But my ego doesn't need it. Let's just be coders and have some humility. This goes out to all you Vice Presidents of Digital Solutions and Senior Prime Ministers of Imagineering. Grow up.
@endoflevelboss Bro, everyone is saying that in a general manner. Everyone refers to it this way. No one asked for your dumb yet useless explanation!
@endoflevelboss lol some people have actual degrees, masters, PhDs and accreditations in some sort of field of engineering. We have every right to be called engineers as we don’t only just write “code”. You're expected to engineer technological solutions to solve for the business's needs. Of course if you aren’t doing that and just writing a bunch of divs and if-else logic, you're just a software developer, yes.
You always learn something, even if the videos don't teach you anything directly. I had absolutely no idea Ctrl+Shift+R would refresh without cache! That's literally a life saver.
I found this interesting as a DevOps engineer who is training in DevSecOps. Another risk to mitigate. As always, thanks for the brilliant content!
Great Video! I really like this CI/CD series. please keep them coming
Awesome💯 I am enjoying the CI/CD Series eagerly waiting for your next video
sending love ♥
You must be new to runners but you still have some good knowledge. Nice video! Btw in bash || is the action executed if errno is non-zero. Basically it stops the runner from failing if make fails, if nonzero returned execute true. Pipeline won't crash.
Awesome video as usual, and since hardly anyone can spread the love of cyber security like you do, is there any chance you can create a video on how to get rid of your presence on the compromised system and logs, avoiding the forensics detection or just bury the evidence of having been on the system and all that? Would be incredibly useful for newcomers and those who are searching for some quality content from a believable source. Love and peace brother Hammond, you are the best at what you do.
Fantastic educational video once again John. Keep up the great work!!!
Great video John! You’re the best !
Yeah John, I'm enjoying your DevSecOps series. Love to see more content like this, CI/CD pentesting and DevSecOps, keep it up 👍👍👍
Thank you for this video, super helpful for testing.
Awesome
wow, awesome!
Amazing vid
Facing problems is better than running away or hiding, whatever the results may be.
Regarding protected repo, I think task description was trying to be clear that your jenkins file is protected, and we need to modify application repo :)
I could be wrong but you should be able to determine write access on the repo if there is a little edit 🖋 icon near the download button then you have access... maybe?
you are amazing 💯
Amazing video as always 😂 I signed up for snyk as well 👍 thank you very much 😊
YAAAASSS THANK YOU FOR JUMPING INTO SNYK!!
The urge to learn more haha, I couldn't pass it up, thank you. Love your content; as I am just venturing over to cybersecurity, your videos are very educational and easy to watch.
Have you tried using set -x? It will run the script, you will see the output of the script and the commands being executed. You can use set -o to shut that off as well.
First! Haha love your videos John!
Amazing..
This is fun
What tools do you advise beginners to use?
I am not sure there *is* a way to tell for sure if branch protection is on.
How to find such an issue for bug bounty programs?
And how do we solve or avoid this issue?
I like it
It really is a headache when a new dev or inexperienced CI/CD dev joins the team, because you're constantly seeing commits for this kind of stuff.
What the hell did he just do?