Type: Research
Actors:
Pub. date: January 13, 2022
Initial access: End-user compromise
Impact:
Resp. disclosure:
Observed techniques:
Observed tools:
Targeted technologies:
Status: Finalized
Last edited: Jun 2, 2024 8:02 AM

NCC Group performed a pentest in which they had (notionally) compromised the laptop of a developer who could commit code to a certain Java library. The researchers changed a pre-requirement file to one that provided a Meterpreter shell from within the target build environment. They found themselves on a pod that contained an SSH key granting access to a Jenkins master node, and proceeded to dump variables. At this point they gained write privileges and cluster admin within the production environment.