Cloud Threat Landscape

Last Updated: April 3, 2025

From code commit to production takeover

Type: Research
Actors:
Pub. date: January 13, 2022
Initial access: End-user compromise
Impact:
Resp. disclosure:
Observed techniques: Reverse shell
Observed tools: Metasploit
Targeted technologies: Jenkins
References: https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/
Status: Finalized
Last edited: Jun 2, 2024 8:02 AM

NCC Group performed a pentest in which they had (notionally) compromised the laptop of a developer who could commit code to a certain Java library. The researchers changed a pre-requirement file to one that provided a Meterpreter shell from within the target build environment. They found themselves on a pod that contained an SSH key granting access to a Jenkins master node, and proceeded to dump variables. At this point they gained write privileges and cluster admin within the production environment.