🔧Offensive DevOps

About Offensive DevOps

Development Operations

What is DevOps

I don't know, I'm not a developer~

DevOps - or Development Operations, is a methodology whereby people, technology, and processes are controlled in a lifecycle - from the integration of software, to its deployment and back.

What is CI/CD

This is the practice of automating procedures to accelerate software deployment and delivery - instead of having to build on Visual Studio, releasing that as a binary manually, and repeating that process with each version of your software, you automate the unit testing and building of your code to then release it out into the wild.

Offensive DevOps

In our case, DevOps is used to automate the building, obfuscation, and submission of tools to our operators around the clock. Infrastructure and code should be maintainable and recyclable to achieve maximum efficiency when performing an assessment.

Red Team Capability Maturity Model

The goal of this blog is to achieve a level 4 -> 5 in Configuration Management and a level 3 in Operational Capability

Configuration Management

Level 4

The Red Team uses merge and pull requests, or similar, prior to changing known-good versions

Level 5

The Red Team leverages automated CI/CD actions to expedite delivery and maintain quality of products

Operation Capability

Level 3

The Red Team modifies common TTPs to address operation needs; the Red Team collectively has deep knowledge of common software / services / technologies, such as Active Directory or a CSP in use; the Red Team has identified specialisations aligned to operation phases or needs