Attacking the Application Supply-Chain: 2023 Edition (Virtual)

NOTE: This course will be offered virtually via Zoom Supply Chain risks are everywhere. We've seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential, and required by regulation. However, it is important for pentesters and red-teams to understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it. This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS and Azure. People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold-out at Blackhat USA 2022 with a 4.8/5 Rating