GitOops - All Paths Lead To Clouds

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It’ll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p

GitOops takes inspiration from tools like Bloodhound and Cartography.

Check out the docs and more example queries.

Download Gitoops

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: hacking, OSINT, Security, threatintel, tools

GitOops – All Paths Lead To Clouds

Original Source

BianLian Ransomware Victim: Optometric Physicians of Middle Tennessee

RansomHouse Ransomware Victim: Hirsh Industries

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories

Original Source

You may have missed

BianLian Ransomware Victim: Optometric Physicians of Middle Tennessee

RansomHouse Ransomware Victim: Hirsh Industries

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

CISA: CISA and Partners Release Advisory on Akira Ransomware

CISA: CISA Releases Four Industrial Control Systems Advisories