CI/CD GOAT: Mad Hatter Capture The Flag
- Published 15 Sep 2024
- jh.live/snykct... || Learn the ropes for Capture the Flag challenges and categories with Snyk's live CTF 101 workshop on March 30th, 2023! jh.live/snykct...
Man you are insane, I am working as a Devops Engineer and this has some unique insights, keep up the good work !
This was nothing more than someone just running printenv within a script.
If you're a DevOps engineer you should know about the SolarWinds hacks that happened a few years ago, those were the real CI/CD and supply chain poisoning tactics.
@Knightfall23 Yeah you are right bro. That guy must be an intern
"engineer" nobody's an engineer here. You're coders/programmers. "Engineer" is glorification. Like calling a garbage man a "refuse management specialist". Or a temp agency guy a "recruitment consultant". 🥳. By this labelling system I'd be an elite, veteran director of software architecture. But my ego doesn't need it. Let's just be coders and have some humility. This goes out to all you Vice Presidents of Digital Solutions and Senior Prime Ministers of Imagineering. Grow up.
@endoflevelboss Bro everyone is saying that in a general manner. Everyone refers to it this way. No one asked for your dumb yet useless explanation!
@endoflevelboss lol some people have actual degrees, masters, PhDs and accreditations in some sort of field of engineering.
We have every right to be called engineers as we don’t only just write “code”.
You're expected to engineer technological solutions to solve for the business's needs. Of course if you aren’t doing that and just writing a bunch of divs and if else logic you're just a software developer yes.
You always learn something, even if the videos don't teach you anything directly. I had absolutely no idea ctrl+shift+r would refresh without cache! That's literally a life saver.
I found this interesting as a DevOps engineer who is training in DevSecOps. Another risk to mitigate. As always, thanks for the brilliant content!
Great Video! I really like this CI/CD series. please keep them coming
Awesome video as usual, And since hardly anyone can spread the love of cyber security like you do, Is there any chance you can create a video on how to get rid of your presence on the compromised system and logs, avoiding the forensics detection or just bury the evidence of having been on the system and all that? Would be incredibly useful for newcomers and those who are searching for some quality content from a believable source. Love and peace brother hammond, You are the best at what you do.
sending love ♥
Awesome💯 I am enjoying the CI/CD Series eagerly waiting for your next video
Fantastic Educational video once again John. Keep up the great work!!!
Yeah John, I'm enjoying your series of DevSecOps, love to see more content like this CI/CD pentesting and DevSecOps, keep it up 👍👍👍
You must be new to runners but you still have some good knowledge. Nice video! Btw in bash || is the action executed if errno is non zero. Basically it stops the runner from failing if make fails, if nonzero returned execute true. Pipeline won't crash.
Awesome
Great video John! You’re the best !
Regarding protected repo, I think task description was trying to be clear that your jenkins file is protected, and we need to modify application repo :)
Thank you for this video, super helpful for testing.
Facing problems is better than running away or hiding, whatever the results may be
Amazing vid
wow, awesome!
Have you tried using set -x ? It will run the script, you will see the output of the script and the commands being executed.
You can use set -o to shut that off as well.
I could be wrong but you should be able to determine write access on the repo if there is a little edit 🖋 icon near the download button then you have access... maybe?
Amazing video as always 😂 I signed up for snyk as well 👍 thank you very much 😊
YAAAASSS THANK YOU FOR JUMPING INTO SNYK!!
The urge to learn more haha I couldn't pass it up thank you, Love your content as I am just venturing over to cybersecurity your videos are very educational and easy to watch
This is fun
you are amazing 💯
Amazing..
First! Haha love your videos John!
I am not sure there *is* a way to tell for sure if branch protection is on.
What tools do you advise beginners to use?
How to find such an issue for bug bounty programs
And how do we solve or avoid this issue?
I like it
It really is a headache when a new dev or inexperienced cicd dev joins the team, because you're constantly seeing commits for this kind of stuff.
What the hell did he just do?