隔离的假象:CICD 服务器中的隔离失效如何导致远程代码执行和隐私风险.pdf

编号:981831 PDF 106页 4.23MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHAS BlackHatEventsThe Illusion of Isolation:How Isolation Failures in CI/CD Servers Lead to RCE and Privacy RisksSpeakers:Tian Zhou,YiWen Wang#BHAS BlackHatEventsAbout UsCTFer NeSEWeb Security ResearcherTian Zhou(byc_404)YiWen Wang(rebirth)CTFer NeSEWeb Security Researcher#BHAS BlackHatEventsOutli

2、ne1.Introduction2.Exploit the Isolation in CI/CD3.Real World Cases4.Takeways#BHAS BlackHatEventsOutline1.Introduction#BHAS BlackHatEventsBasic Workflow of CI/CD A typical CI/CD workflow looks like#BHAS BlackHatEventsKey Components of CIServerWorkersCI/CD Platform#BHAS BlackHatEventsKey Components of

3、 CIServer Integrating with SCM Audit log of changes Design your own pipelines Send command to Workers Maintains build records#BHAS BlackHatEventsKey Components of CIWorkers Workers/Agents/Runners They are all the same!Runs on any OS Could be a machine,a container/pod Run jobs in a pipeline#BHAS Blac

4、kHatEventsIsolation MechanismsBy default,Server configure jobs and let workers finish themWorkers and server are isolated by physical machine boundaries or container mechanisms#BHAS BlackHatEventsIsolation MechanismsCommand executes on different machinesCode may built in isolated ContainersCode shou

5、ld be separated in filesystem-levelFile Isolationmachine-amachine-b#BHAS BlackHatEventsIsolation MechanismsSever and worker are isolated by physical boundaries Projects are built in isolated virtualized environmentProjects implement access control through RBAC policiesData Isolation#BHAS BlackHatEve

6、ntsIsolation MechanismsIt looks like all CI/CD functionalities follow the isolation mechanisms But is that really the case?Lets see if flaws of isolation mechanisms lead to Security Problems#BHAS BlackHatEventsOutline2.Exploit the Isolation in CI/CD#BHAS BlackHatEventsAttack the CI/CDAttack Ways#BHA

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(隔离的假象:CICD 服务器中的隔离失效如何导致远程代码执行和隐私风险.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠