CI/CD pipelines exist in just about every company that does some kind of development. Some companies have more mature pipelines than others, but the rule still holds. Most companies with in house development have a Jenkins instance or some similar build orchestration software, code repositories, path to deployment, etc. Depending on your background you may be familiar with these environments to varying degrees. I started out doing somethin between running application servers and devops, maintaining deployment pipelines and helping developers troubleshoot issues. I even wrote my own share of code and deployed my own changes to a minor application that eventually went into production. This was done as an opportuntiy to get me more familiar with that side of things and I found the experience very valuable. Those experiences became invaluable when I went into red teaming and security research as I already had a baseline familiarity with these environments and how they worked, and more importantly, insight in how these environments could be exploited by an attacker.
[Read More]