Black Hat USA Training - Supply-Chain to Runtime: Attacking & Defending the Modern DevOps Stack

Join us for our 4-day, in-person training at Black Hat USA! During this course, participants will learn real-world attacks and threat hunting techniques from our experts. This training is applicable to offensive security practitioners, consultants, and internal red teams, as well as defenders with a strong understanding of penetration testing fundamentals (purple teamers).

Key Takeaways

• The pipeline is the new Tier 0. You will leave knowing exactly how a single compromised developer token or merge request turns into unrestricted lateral movement and persistence across the entire infrastructure.
• You can detect almost every DevOps supply-chain attack with a few high-signal data sources you probably already have.
• Container "immutability" is a myth once the pipeline is owned.