SlideShare a Scribd company logo

Exploiting publically exposed Version Control System

Anant Shrivastava
Anant Shrivastava

This document discusses exploiting version control systems (VCS) like Git, SVN, and Mercurial. It describes how VCS work and why they can be exploited, noting that auto-deployment features can allow code to be deployed by committing changes. It provides an overview of common VCS files and folders that can be used to extract code from repositories. Tools for extracting code from VCS are also listed. The document concludes with a demonstration of exploiting VCS and checks that can be done to find exposed VCS files.

Technology
1 of 16
Download to read offline
EXPLOITING VERSION CONTROL SYSTEMS PILLAGING FOR FUN AND PROFIT   BY ANANT SHRIVASTAVA
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat USA, NullCon, g0s, c0c0n, RootConf Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info        
WHAT IS VCS Version Control System The hip / developers way of deploying code Supports Auto-Deployment on commit
WHY EXPLOIT Coz its fun Its like a golden ticket Auto-deployment if available makes it more hip.
VCS 101 Type FOLDER GIT .git SVN .svn Mercurial .hg
PREDICATABLE FILES .git/HEAD .hg/requires .bzr/README
ROBOTS.TXT OF VCS .gitignore
TOOLS 1. SVN-extractor (Only SVN) (on top coz i wrote it) 2. DVCS-pillage (lacks SVN support) 3. dvcs-ripper (alternative implementation covers svn too)
DEMO TIME NOTE: ALL DEMO's are prepared while in sleep deprived state.
DIRECTORY LISTING ENABLED
DIRECTORY LISTING DISABLED
SVN
PHEW DEMO DONE
QUICK CHECKS while read p; do echo "Input: "$p echo "CHECK: SVN entries http" curl -I echo "CHECK: SVN entries https" curl -k -I echo "CHECK: SVN wcdb" curl -I echo "CHECK: SVN wcdb https" curl -k -I done<$1 http://$p/.svn/entries https://$p/.svn/entries http://$p/.svn/wc.db https://$p/.svn/wc.db
ANY QUESTIONS
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat USA, NullCon, g0s, c0c0n, RootConf Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info        

Recommended

Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basics
Anant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav
 
Down by the Docker
Down by the DockerDown by the Docker
Down by the Docker
NotSoSecure Global Services
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 
Recon
ReconRecon
Recon
UTD Computer Security Group
 

Recommended

Slides null puliya linux basics
Slides null puliya linux basicsSlides null puliya linux basics
Slides null puliya linux basics
Anant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOSSSL Pinning and Bypasses: Android and iOS
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) ProfessionalsAndroid Tamer: Virtual Machine for Android (Security) Professionals
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav
 
Down by the Docker
Down by the DockerDown by the Docker
Down by the Docker
NotSoSecure Global Services
 
Mod security
Mod securityMod security
Mod security
Shruthi Kamath
 
Recon
ReconRecon
Recon
UTD Computer Security Group
 
Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
Riyaz Walikar
 
Network Security
Network SecurityNetwork Security
Network Security
UTD Computer Security Group
 
Windows Security Crash Course
Windows Security Crash CourseWindows Security Crash Course
Windows Security Crash Course
UTD Computer Security Group
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
Creston Jamison
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
Indonesia Network Operators Group
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basicsamiable_indian
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık Yüzü
Halil Dalabasmaz
 
IPv6 for Pentesters
IPv6 for PentestersIPv6 for Pentesters
IPv6 for Pentesters
NotSoSecure Global Services
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
wremes
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
Aws security with HIDS, OSSEC
Aws security with HIDS, OSSECAws security with HIDS, OSSEC
Aws security with HIDS, OSSEC
Mayank Gaikwad
 
IOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H MeetIOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
nessus
nessusnessus
nessus
Muhammad Yasin
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
 
How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7
Bhadreshsinh Gohil
 
Isa
IsaIsa
Isadeshvikas
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
Michael Boelen
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
Jeronimo Zucco
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
Stanfy
 
My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
Anant Shrivastava
 

More Related Content

What's hot

Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
Riyaz Walikar
 
Network Security
Network SecurityNetwork Security
Network Security
UTD Computer Security Group
 
Windows Security Crash Course
Windows Security Crash CourseWindows Security Crash Course
Windows Security Crash Course
UTD Computer Security Group
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
Creston Jamison
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
Indonesia Network Operators Group
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık Yüzü
Halil Dalabasmaz
 
IPv6 for Pentesters
IPv6 for PentestersIPv6 for Pentesters
IPv6 for Pentesters
NotSoSecure Global Services
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
wremes
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
Aws security with HIDS, OSSEC
Aws security with HIDS, OSSECAws security with HIDS, OSSEC
Aws security with HIDS, OSSEC
Mayank Gaikwad
 
IOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H MeetIOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H Meet
Anthony Jose
 
nessus
nessusnessus
nessus
Muhammad Yasin
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
clevernetsystemsgeneva
 
How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7
Bhadreshsinh Gohil
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
Michael Boelen
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
Jeronimo Zucco
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
Stanfy
 

What's hot (20)

Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638Apache Struts2 CVE-2017-5638
Apache Struts2 CVE-2017-5638
 
Network Security
Network SecurityNetwork Security
Network Security
 
Windows Security Crash Course
Windows Security Crash CourseWindows Security Crash Course
Windows Security Crash Course
 
Pxosys Webinar Amplify your Security
Pxosys Webinar Amplify your SecurityPxosys Webinar Amplify your Security
Pxosys Webinar Amplify your Security
 
Ruby and Framework Security
Ruby and Framework SecurityRuby and Framework Security
Ruby and Framework Security
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Powershell'in Karanlık Yüzü
Powershell'in Karanlık YüzüPowershell'in Karanlık Yüzü
Powershell'in Karanlık Yüzü
 
IPv6 for Pentesters
IPv6 for PentestersIPv6 for Pentesters
IPv6 for Pentesters
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
 
Aws security with HIDS, OSSEC
Aws security with HIDS, OSSECAws security with HIDS, OSSEC
Aws security with HIDS, OSSEC
 
IOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H MeetIOS Security Basics - NULL/ OWASP/G4H Meet
IOS Security Basics - NULL/ OWASP/G4H Meet
 
nessus
nessusnessus
nessus
 
Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh Présentation et démo ELK/SIEM/Wazuh
Présentation et démo ELK/SIEM/Wazuh
 
How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7
 
Isa
IsaIsa
Isa
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Implementing ossec
Implementing ossecImplementing ossec
Implementing ossec
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...Avoiding damage, shame and regrets data protection for mobile client-server a...
Avoiding damage, shame and regrets data protection for mobile client-server a...
 

Viewers also liked

My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
Anant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
Anant Shrivastava
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for Pentesters
Anant Shrivastava
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
Anant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
Anant Shrivastava
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners SessionAnant Shrivastava
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
Web2.0 : an introduction
Web2.0 : an introductionWeb2.0 : an introduction
Web2.0 : an introduction
Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
 
Avr introduction
Avr introductionAvr introduction
Avr introduction
Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 
Radare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto JosephRadare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto Joseph
Anthony Jose
 
Grinder talk
Grinder talk Grinder talk
Grinder talk
n|u - The Open Security Community
 
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015
n|u - The Open Security Community
 
Csp july2015
Csp july2015Csp july2015
Csp july2015
n|u - The Open Security Community
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
Chandrapal Badshah
 

Viewers also liked (20)

My tryst with sourcecode review
My tryst with sourcecode reviewMy tryst with sourcecode review
My tryst with sourcecode review
 
Android Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal PresentationAndroid Tamer BH USA 2016 : Arsenal Presentation
Android Tamer BH USA 2016 : Arsenal Presentation
 
Snake bites : Python for Pentesters
Snake bites : Python for PentestersSnake bites : Python for Pentesters
Snake bites : Python for Pentesters
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014OWASP Bangalore : OWTF demo : 13 Dec 2014
OWASP Bangalore : OWTF demo : 13 Dec 2014
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learned
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Raspberry pi Beginners Session
Raspberry pi Beginners SessionRaspberry pi Beginners Session
Raspberry pi Beginners Session
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014
 
Web2.0 : an introduction
Web2.0 : an introductionWeb2.0 : an introduction
Web2.0 : an introduction
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
 
Avr introduction
Avr introductionAvr introduction
Avr introduction
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Radare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto JosephRadare2 - An Introduction by Anto Joseph
Radare2 - An Introduction by Anto Joseph
 
Grinder talk
Grinder talk Grinder talk
Grinder talk
 
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
Panel discussion social engineering - manasdeep - nullmeetblr 21st June 2015
 
Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015Threat intelligence - nullmeetblr 21st June 2015
Threat intelligence - nullmeetblr 21st June 2015
 
Csp july2015
Csp july2015Csp july2015
Csp july2015
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 

Similar to Exploiting publically exposed Version Control System

Continuous Security
Continuous SecurityContinuous Security
Continuous Security
Sysdig
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012
Joe Arnold
 
Linux
LinuxLinux
Linux
Kavi Bharathi R
 
Deploy your Python code on Azure Functions
Deploy your Python code on Azure FunctionsDeploy your Python code on Azure Functions
Deploy your Python code on Azure Functions
Dhilipsiva DS
 
Assisted-Installer-DevConf-US-2021
Assisted-Installer-DevConf-US-2021Assisted-Installer-DevConf-US-2021
Assisted-Installer-DevConf-US-2021
Nir Magnezi
 
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
Freddy Rolland
 
Android memory analysis Debug slides.pdf
Android memory analysis Debug slides.pdfAndroid memory analysis Debug slides.pdf
Android memory analysis Debug slides.pdf
VishalKumarJha10
 
PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CI
Andrey Karpov
 
Rolling upgrade OpenStack
Rolling upgrade OpenStackRolling upgrade OpenStack
Rolling upgrade OpenStack
Vietnam Open Infrastructure User Group
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in Kubernetes
Sysdig
 
Kali kinux1
Kali kinux1Kali kinux1
Kali kinux1
Mohammad Mafi
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Baylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackBaylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStack
Jesse Andrews
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Nissan Dookeran
 
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
Ondrej Holecek
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5
Keisuke Takahashi
 
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened EnvironmentsLet Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Nicolas Collery
 
Startup guide for kvm on cent os 6
Startup guide for kvm on cent os 6Startup guide for kvm on cent os 6
Startup guide for kvm on cent os 6Carlos Eduardo
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
Jimmy Mesta
 
Stealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware AnalysisStealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware Analysis
Tamas K Lengyel
 

Similar to Exploiting publically exposed Version Control System (20)

Continuous Security
Continuous SecurityContinuous Security
Continuous Security
 
Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012Swift Install Workshop - OpenStack Conference Spring 2012
Swift Install Workshop - OpenStack Conference Spring 2012
 
Linux
LinuxLinux
Linux
 
Deploy your Python code on Azure Functions
Deploy your Python code on Azure FunctionsDeploy your Python code on Azure Functions
Deploy your Python code on Azure Functions
 
Assisted-Installer-DevConf-US-2021
Assisted-Installer-DevConf-US-2021Assisted-Installer-DevConf-US-2021
Assisted-Installer-DevConf-US-2021
 
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
"Look Ma, no hands! Zero Touch Provisioning for OpenShift" DevConf.US 2021
 
Android memory analysis Debug slides.pdf
Android memory analysis Debug slides.pdfAndroid memory analysis Debug slides.pdf
Android memory analysis Debug slides.pdf
 
PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CI
 
Rolling upgrade OpenStack
Rolling upgrade OpenStackRolling upgrade OpenStack
Rolling upgrade OpenStack
 
CI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in KubernetesCI / CD / CS - Continuous Security in Kubernetes
CI / CD / CS - Continuous Security in Kubernetes
 
Kali kinux1
Kali kinux1Kali kinux1
Kali kinux1
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time Optimization
 
Baylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStackBaylisa - Dive Into OpenStack
Baylisa - Dive Into OpenStack
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
Uyuni Saltboot - automated image deployment and lifecycle with Uyuni
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5
 
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened EnvironmentsLet Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
 
Startup guide for kvm on cent os 6
Startup guide for kvm on cent os 6Startup guide for kvm on cent os 6
Startup guide for kvm on cent os 6
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
 
Stealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware AnalysisStealthy, Hypervisor-based Malware Analysis
Stealthy, Hypervisor-based Malware Analysis
 

More from Anant Shrivastava

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec World
Anant Shrivastava
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom rom
Anant Shrivastava
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROM
Anant Shrivastava
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaper
Anant Shrivastava
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 Walkthrough
Anant Shrivastava
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
Anant Shrivastava
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introduction
Anant Shrivastava
 
introduction to Lamp Stack
introduction to Lamp Stackintroduction to Lamp Stack
introduction to Lamp Stack
Anant Shrivastava
 
Logic Families Electronics
Logic Families ElectronicsLogic Families Electronics
Logic Families Electronics
Anant Shrivastava
 
Filesystem
FilesystemFilesystem
Filesystem
Anant Shrivastava
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
Anant Shrivastava
 

More from Anant Shrivastava (11)

Diverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec WorldDiverseccon keynote: My 2 Paisa's on Infosec World
Diverseccon keynote: My 2 Paisa's on Infosec World
 
WhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom romWhitePaper : Security issues in android custom rom
WhitePaper : Security issues in android custom rom
 
Security Issues in Android Custom ROM
Security Issues in Android Custom ROMSecurity Issues in Android Custom ROM
Security Issues in Android Custom ROM
 
Web application finger printing - whitepaper
Web application finger printing - whitepaperWeb application finger printing - whitepaper
Web application finger printing - whitepaper
 
Battle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 WalkthroughBattle Underground NullCon 2011 Walkthrough
Battle Underground NullCon 2011 Walkthrough
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
 
Embedded Systems : introduction
Embedded Systems : introductionEmbedded Systems : introduction
Embedded Systems : introduction
 
introduction to Lamp Stack
introduction to Lamp Stackintroduction to Lamp Stack
introduction to Lamp Stack
 
Logic Families Electronics
Logic Families ElectronicsLogic Families Electronics
Logic Families Electronics
 
Filesystem
FilesystemFilesystem
Filesystem
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 

Recently uploaded

When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 

Recently uploaded (20)

When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 

Exploiting publically exposed Version Control System