Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment. What the tool does SmokedMeat takes a flagged pipeline vulnerability and executes a live demonstration against a team’s own infrastructure. Starting from a single vulnerability, it deploys a payload, compromises the runner, harvests credentials from process memory, exchanges those credentials for cloud access, exposes … More
The post SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: