Offensive DevOps
About Offensive DevOps
Last updated
Was this helpful?
About Offensive DevOps
Last updated
Was this helpful?
I don't know, I'm not a developer~
DevOps - or Development Operations, is a methodology whereby people, technology, and processes are controlled in a lifecycle - from the integration of software, to its deployment and back.
This is the practice of automating procedures to accelerate software deployment and delivery - instead of having to build on Visual Studio, releasing that as a binary manually, and repeating that process with each version of your software, you automate the unit testing and building of your code to then release it out into the wild.
In our case, DevOps is used to automate the building, obfuscation, and submission of tools to our operators around the clock. Infrastructure and code should be maintainable and recyclable to achieve maximum efficiency when performing an assessment.
The goal of this blog is to achieve a level 4 -> 5 in Configuration Management and a level 3 in Operational Capability
Level 4
The Red Team uses merge and pull requests, or similar, prior to changing known-good versions
Level 5
The Red Team leverages automated CI/CD actions to expedite delivery and maintain quality of products
Level 3
The Red Team modifies common TTPs to address operation needs; the Red Team collectively has deep knowledge of common software / services / technologies, such as Active Directory or a CSP in use; the Red Team has identified specialisations aligned to operation phases or needs
Setting up a GitLab server
Setting up a TeamCity and Jenkins server
Setting up CI/CD Pipelines
Building Private and Public Projects
Obfuscating and Storing Tools
Mika 💜 - Proof Reading
