
🔧 Offensive DevOps

About Offensive DevOps

Development Operations

What is DevOps

I don't know, I'm not a developer~

DevOps, or Development Operations, is a methodology whereby people, technology, and processes are controlled in a lifecycle, from the integration of software to its deployment and back.

DevOps Lifecycle

What is CI/CD

CI/CD is the practice of automating procedures to accelerate software deployment and delivery. Instead of building in Visual Studio, manually releasing the result as a binary, and repeating that process with each version of your software, you automate the unit testing and building of your code and then release it out into the wild.

Offensive DevOps

In our case, DevOps is used to automate the building, obfuscation, and submission of tools to our operators around the clock. Infrastructure and code should be maintainable and recyclable to achieve maximum efficiency when performing an assessment.

The goal of this blog is to achieve a level 4 -> 5 in Configuration Management and a level 3 in Operational Capability.

Configuration Management

Level 4

The Red Team uses merge and pull requests, or similar, prior to changing known-good versions

Level 5

The Red Team leverages automated CI/CD actions to expedite delivery and maintain quality of products

Operation Capability

Level 3

The Red Team modifies common TTPs to address operation needs; the Red Team collectively has deep knowledge of common software / services / technologies, such as Active Directory or a CSP in use; the Red Team has identified specialisations aligned to operation phases or needs

Blog Scope

  • Setting up a GitLab server

  • Setting up a TeamCity and Jenkins server

  • Setting up CI/CD Pipelines

  • Building Private and Public Projects

  • Obfuscating and Storing Tools

Offensive DevOps Architecture

Figure: Offensive DevOps Architecture

Table of Contents

GitLab
TeamCity
Jenkins (WIP)

Credits & References
