In December 2020, the news broke about a major cyberattack against various departments within US government systems. This was a sophisticated attack where software components of a few big-name organizations were compromised. One of the attacks was designed around infiltrating the build system and then inject a malicious payload into the software product causing catastrophic business disruptions. In this write-up, I highlight how a misconfiguration in the build pipeline can enable hackers to gain control of the build system enabling nightmare scenarios of creating havoc among the industry.

This write-up is about the hackthebox Jeeves box, a medium-rated Windows machine…

Kamran Bilgrami

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store