Attacking The Application Supply-Chain

Supply Chain risks are everywhere. Over the last 3 years, we've seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential, and in some cases, required by regulation. However, it is important for pentesters and red-teams to understand how they can leverage supply-chain attacks against applications, to further strengthen their defense and blue-team implementations against it. This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subse quently deep-dive into story-driven scenarios of exploiting different supply-chains like exploiting CI systems, build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS and Azure. People learn better with stories. All our exploit and lateral movement scenarios are intricately designed hands-on examples that are backed by real-world stories and anecdotes that help students understand this subject-matter a lot better.