From 349d75a4008acde52518b18d20daa84fdbb9d2e2 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:09:02 +0100 Subject: [PATCH] Update CI/CD Devops pages --- docs/{ci-cd => devops}/README.md | 51 ++++++++++-------------- docs/{ci-cd => devops}/azure-devops.md | 0 docs/{ci-cd => devops}/buildkite.md | 0 docs/{ci-cd => devops}/circle-ci.md | 0 docs/{ci-cd => devops}/drone-ci.md | 0 docs/{ci-cd => devops}/github-actions.md | 0 6 files changed, 22 insertions(+), 29 deletions(-) rename docs/{ci-cd => devops}/README.md (81%) rename docs/{ci-cd => devops}/azure-devops.md (100%) rename docs/{ci-cd => devops}/buildkite.md (100%) rename docs/{ci-cd => devops}/circle-ci.md (100%) rename docs/{ci-cd => devops}/drone-ci.md (100%) rename docs/{ci-cd => devops}/github-actions.md (100%) diff --git a/docs/ci-cd/README.md b/docs/devops/README.md similarity index 81% rename from docs/ci-cd/README.md rename to docs/devops/README.md index 6e019d6..a0c7e65 100644 --- a/docs/ci-cd/README.md +++ b/docs/devops/README.md 
@@ -1,32 +1,27 @@ # CI/CD attacks -> CI/CD pipelines are often triggered by untrusted actions such a forked pull requests and new issue submissions for public git repositories.\ -> These systems often contain sensitive secrets or run in privileged environments.\ -> Attackers may gain an RCE into such systems by submitting crafted payloads that trigger the pipelines.\ -> Such vulnerabilities are also known as Poisoned Pipeline Execution (PPE) +> CI/CD pipelines are often triggered by untrusted actions such a forked pull requests and new issue submissions for public git repositories. These systems often contain sensitive secrets or run in privileged environments. Attackers may gain an RCE into such systems by submitting crafted payloads that trigger the pipelines. Such vulnerabilities are also known as Poisoned Pipeline Execution (PPE). ## Summary -- [CI/CD attacks](#cicd-attacks) - - [Summary](#summary) - - [Tools](#tools) - - [Package managers & Build Files](#package-managers--build-files) - - [Javascript / Typescript - package.json](#javascript--typescript---packagejson) - - [Python - setup.py](#python---setuppy) - - [Bash / sh - *.sh](#bash--sh---sh) - - [Maven / Gradle](#maven--gradle) - - [BUILD.bazel](#buildbazel) - - [Makefile](#makefile) - - [Rakefile](#rakefile) - - [C# - *.csproj](#c---csproj) - - [CI/CD products](#cicd-products) - - [GitHub Actions](#github-actions) - - [Azure Pipelines (Azure DevOps)](#azure-pipelines-azure-devops) - - [CircleCI](#circleci) - - [Drone CI](#drone-ci) - - [BuildKite](#buildkite) - - [References](#references) +- [Tools](#tools) +- [Package managers & Build Files](#package-managers--build-files) + - [Javascript / Typescript - package.json](#javascript--typescript---packagejson) + - [Python - setup.py](#python---setuppy) + - [Bash / sh - *.sh](#bash--sh---sh) + - [Maven / Gradle](#maven--gradle) + - [BUILD.bazel](#buildbazel) + - [Makefile](#makefile) + - [Rakefile](#rakefile) + - [C# - *.csproj](#c---csproj) +- [CI/CD 
products](#cicd-products) + - [GitHub Actions](./github-actions) + - [Azure Pipelines (Azure DevOps)](./azure-devops) + - [Circle CI](./circle-ci) + - [Drone CI](./drone-ci) + - [BuildKite](./buildkite) +- [References](#references) ## Tools @@ -233,11 +228,9 @@ NOTE: Since this is an XML file - XML special characters must be escaped. ``` - - ## References -* [Poisoned Pipeline Execution](https://www.cidersecurity.io/top-10-cicd-security-risks/poisoned-pipeline-execution-ppe/) -* [DEF CON 25 - spaceB0x - Exploiting Continuous Integration (CI) and Automated Build systems](https://youtu.be/mpUDqo7tIk8) -* [Azure-Devops-Command-Injection](https://pulsesecurity.co.nz/advisories/Azure-Devops-Command-Injection) -* [x33fcon lighting talk - Hacking Java serialization from python - Tomasz Bukowski](https://youtu.be/14tNFwfety4) \ No newline at end of file +* [Poisoned Pipeline Execution](https://web.archive.org/web/20240226215436/https://www.cidersecurity.io/top-10-cicd-security-risks/poisoned-pipeline-execution-ppe/) +* [DEF CON 25 - Exploiting Continuous Integration (CI) and Automated Build systems - spaceB0x - 2 nov. 2017](https://youtu.be/mpUDqo7tIk8) +* [Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking - Sana Oshika - May 1 2023](https://pulsesecurity.co.nz/advisories/Azure-Devops-Command-Injection) +* [x33fcon lighting talk - Hacking Java serialization from python - Tomasz Bukowski - 16 july 2024](https://youtu.be/14tNFwfety4) \ No newline at end of file diff --git a/docs/ci-cd/azure-devops.md b/docs/devops/azure-devops.md similarity index 100% rename from docs/ci-cd/azure-devops.md rename to docs/devops/azure-devops.md diff --git a/docs/ci-cd/buildkite.md b/docs/devops/buildkite.md similarity index 100% rename from docs/ci-cd/buildkite.md rename to docs/devops/buildkite.md 
diff --git a/docs/ci-cd/circle-ci.md b/docs/devops/circle-ci.md similarity index 100% rename from docs/ci-cd/circle-ci.md rename to docs/devops/circle-ci.md diff --git a/docs/ci-cd/drone-ci.md b/docs/devops/drone-ci.md similarity index 100% rename from docs/ci-cd/drone-ci.md rename to docs/devops/drone-ci.md diff --git a/docs/ci-cd/github-actions.md b/docs/devops/github-actions.md similarity index 100% rename from docs/ci-cd/github-actions.md rename to docs/devops/github-actions.md
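Review bot: the rewritten blockquote in the first hunk (`+> CI/CD pipelines are often triggered by untrusted actions such a forked pull requests ...`) carries over the pre-existing typo "such a forked" from the removed lines; since the sentence is being rewritten anyway, change it to "such as forked pull requests". In the same hunk the product entries switch from in-page anchors to extension-less relative links (`./github-actions`, `./azure-devops`, `./circle-ci`, and so on); those resolve on a docs-site build that maps each page to a directory, but not when `docs/devops/README.md` is viewed directly on GitHub, where the `.md` suffix would be needed, so confirm which renderer the docs target or use links that work in both.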
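Review bot: the reference list in the second hunk mixes three date formats ("2 nov. 2017", "May 1 2023", "16 july 2024"); pick one convention, for example ISO 8601 (`2017-11-02`), so the entries read consistently. The entry `x33fcon lighting talk` keeps the misspelling "lighting" for "lightning" from the removed line. The file still ends without a trailing newline (`\ No newline at end of file` appears on both the old and new side); add one so later diffs stay clean. Replacing the first reference with the web.archive.org snapshot preserves the link if the original moves; consider listing the live cidersecurity.io URL alongside it so readers can reach the current page when it is available.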