# Offensive DevOps

### Development Operations

#### What is DevOps

*I don't know, I'm not a developer\~*

DevOps - or Development Operations, is a methodology whereby people, technology, and processes are controlled in a lifecycle - from the integration of software, to its deployment and back.

<figure><img src="https://1797977785-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjrIJ5xrJuOVgeeYdKNB5%2Fuploads%2F8L6gCCGFvKiioGzlZC6o%2FDevops%20Diagram.png?alt=media&#x26;token=427052b6-6d8f-49c7-a5ab-c4775386e957" alt=""><figcaption><p>DevOps Lifecycle</p></figcaption></figure>

#### What is CI/CD

This is the practice of automating procedures to accelerate software deployment and delivery - instead of having to build on Visual Studio, releasing that as a binary manually, and repeating that process with each version of your software, you automate the unit testing and building of your code to then release it out into the wild.

### Offensive DevOps

In our case, DevOps is used to automate the building, obfuscation, and submission of tools to our operators around the clock. Infrastructure and code should be maintainable and recyclable to achieve maximum efficiency when performing an assessment.&#x20;

#### Red Team [Capability Maturity Model](https://www.redteammaturity.com/)

The goal of this blog is to achieve a level 4 -> 5 in **Configuration Management** and a level 3 in **Operational Capability**

#### **Configuration Management**

***Level 4***

*The Red Team uses merge and pull requests, or similar, prior to changing known-good versions*

***Level 5***

*The Red Team leverages automated CI/CD actions to expedite delivery and maintain quality of products*

#### Operation Capability

***Level 3***

*The Red Team modifies common TTPs to address operation needs; the Red Team collectively has deep knowledge of common software / services / technologies, such as Active Directory or a CSP in use; the Red Team has identified specialisations aligned to operation phases or needs*

### Blog Scope

* Setting up a GitLab server
* Setting up a TeamCity and Jenkins server
* Setting up CI/CD Pipelines
* Building Private and Public Projects
* Obfuscating and Storing Tools

### Offensive DevOps Architecture

<img src="https://1797977785-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjrIJ5xrJuOVgeeYdKNB5%2Fuploads%2FfwMOL2Q8mvLZFdZjWv3n%2Ffile.excalidraw.svg?alt=media&#x26;token=b94e1426-b2a8-406c-9a48-ab5ffa4bc297" alt="Offensive DevOps Architecture" class="gitbook-drawing">

### Table of Contents

<details>

<summary><a data-mention href="offensive-devops/gitlab">gitlab</a></summary>

[gitlab-setup](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/gitlab/gitlab-setup "mention")

[simple-calculator-project](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/gitlab/simple-calculator-project "mention")

[making-our-ci-cd-pipeline](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/gitlab/making-our-ci-cd-pipeline "mention")

[build-artifacts](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/gitlab/build-artifacts "mention")

</details>

<details>

<summary><a data-mention href="offensive-devops/teamcity">teamcity</a></summary>

[teamcity-setup](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/teamcity/teamcity-setup "mention")

[creating-teamcity-projects](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/teamcity/creating-teamcity-projects "mention")

[obfuscating-payloads](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/teamcity/obfuscating-payloads "mention")

</details>

<details>

<summary><a data-mention href="offensive-devops/jenkins-wip">jenkins-wip</a></summary>

[jenkins-setup](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/jenkins-wip/jenkins-setup "mention")

[creating-pipelines](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/jenkins-wip/creating-pipelines "mention")

[managing-projects](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/jenkins-wip/managing-projects "mention")

[api-interaction](https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops/jenkins-wip/api-interaction "mention")

</details>

### Credits & References

* Mika 💜 - Proof Reading
* <https://training.zeropointsecurity.co.uk/courses/devops-for-pentesters>
* <https://blog.jetbrains.com/teamcity/2019/08/building-go-programs-in-teamcity/>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://blog.securescape.cc/offensive-security/red-team/offensive-development/offensive-devops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.