Learning Objectives In today's task, you will:
- Learn about poisoned pipeline execution.
- Understand how to secure CI/CD pipelines.
- Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.
- Learn about CI/CD best practices.
Once the machine is up go to this address http://machine_ip on your AttackBox, log in to the GitLab server using the credentials provided:
USERNAME : DelfSecOps
PASSWORD: TryHackMe!
Now open gitlab-ci.yml
In the gitlab-ci.yml 9081 port is mentioned.
so let's take a look..
BACK TO THE QUESTIONS
- What is the handle of the developer responsible for the merge changes?
ANSWER
BadSecOps
- What port is the defaced calendar site server running on?
ANSWER
9081
- What server is the malicious server running on?
ANSWER
apache
- What message did the Frostlings leave on the defaced site?
ANSWER
frostlings rule :)
- What is the commit ID of the original code for the Advent Calendar site?
ANSWER
986b7407