translate 2

2026-01-24 18:24:40 -08:00 · 2025-01-01 21:36:26 +01:00
parent d0b9174054
commit 2beb8398a6
250 changed files with 0 additions and 256 deletions
--- a/src/pentesting-ci-cd/apache-airflow-security/README.md
+++ b/src/pentesting-ci-cd/apache-airflow-security/README.md
@@ -177,4 +177,3 @@ If they are used for example inside a a bash command, you could perform a comman



-
--- a/src/pentesting-ci-cd/apache-airflow-security/airflow-configuration.md
+++ b/src/pentesting-ci-cd/apache-airflow-security/airflow-configuration.md
@@ -113,4 +113,3 @@ AUTH_ROLE_PUBLIC = 'Admin'



-
--- a/src/pentesting-ci-cd/apache-airflow-security/airflow-rbac.md
+++ b/src/pentesting-ci-cd/apache-airflow-security/airflow-rbac.md
@@ -45,4 +45,3 @@ These are the default permissions per default role:



-
--- a/src/pentesting-ci-cd/atlantis-security.md
+++ b/src/pentesting-ci-cd/atlantis-security.md
@@ -390,4 +390,3 @@ You can also pass these as environment variables `ATLANTIS_WEB_BASIC_AUTH=true`



-
--- a/src/pentesting-ci-cd/circleci-security.md
+++ b/src/pentesting-ci-cd/circleci-security.md
@@ -257,4 +257,3 @@ jobs:



-
--- a/src/pentesting-ci-cd/cloudflare-security/README.md
+++ b/src/pentesting-ci-cd/cloudflare-security/README.md
@@ -136,4 +136,3 @@ cloudflare-zero-trust-network.md



-
--- a/src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md
+++ b/src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md
@@ -135,4 +135,3 @@ TODO



-
--- a/src/pentesting-ci-cd/cloudflare-security/cloudflare-zero-trust-network.md
+++ b/src/pentesting-ci-cd/cloudflare-security/cloudflare-zero-trust-network.md
@@ -63,4 +63,3 @@ TODO



-
--- a/src/pentesting-ci-cd/concourse-security/README.md
+++ b/src/pentesting-ci-cd/concourse-security/README.md
@@ -35,4 +35,3 @@ concourse-enumeration-and-attacks.md



-
--- a/src/pentesting-ci-cd/concourse-security/concourse-architecture.md
+++ b/src/pentesting-ci-cd/concourse-security/concourse-architecture.md
@@ -40,4 +40,3 @@ In order to execute tasks concourse must have some workers. These workers **regi



-
--- a/src/pentesting-ci-cd/concourse-security/concourse-enumeration-and-attacks.md
+++ b/src/pentesting-ci-cd/concourse-security/concourse-enumeration-and-attacks.md
@@ -444,4 +444,3 @@ Accept-Encoding: gzip.



-
--- a/src/pentesting-ci-cd/concourse-security/concourse-lab-creation.md
+++ b/src/pentesting-ci-cd/concourse-security/concourse-lab-creation.md
@@ -153,4 +153,3 @@ Check a YAML pipeline example that triggers on new commits to master in [https:/



-
--- a/src/pentesting-ci-cd/gitea-security/README.md
+++ b/src/pentesting-ci-cd/gitea-security/README.md
@@ -140,4 +140,3 @@ If you are inside the server you can also **use the `gitea` binary** to access/m



-
--- a/src/pentesting-ci-cd/gitea-security/basic-gitea-information.md
+++ b/src/pentesting-ci-cd/gitea-security/basic-gitea-information.md
@@ -105,4 +105,3 @@ Different protections can be applied to a branch (like to master):



-
--- a/src/pentesting-ci-cd/github-security/README.md
+++ b/src/pentesting-ci-cd/github-security/README.md
@@ -246,4 +246,3 @@ For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter



-
--- a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
+++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
@@ -583,4 +583,3 @@ The following tools are useful to find Github Action workflows and even find vul



-
--- a/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-artifact-poisoning.md
+++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-artifact-poisoning.md
@@ -4,4 +4,3 @@



-
--- a/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning.md
+++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning.md
@@ -4,4 +4,3 @@



-
--- a/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md
+++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md
@@ -4,4 +4,3 @@



-
--- a/src/pentesting-ci-cd/github-security/accessible-deleted-data-in-github.md
+++ b/src/pentesting-ci-cd/github-security/accessible-deleted-data-in-github.md
@@ -58,4 +58,3 @@ And the latest one use a short sha-1 that is bruteforceable.



-
--- a/src/pentesting-ci-cd/github-security/basic-github-information.md
+++ b/src/pentesting-ci-cd/github-security/basic-github-information.md
@@ -257,4 +257,3 @@ Different protections can be applied to a branch (like to master):



-
--- a/src/pentesting-ci-cd/jenkins-security/README.md
+++ b/src/pentesting-ci-cd/jenkins-security/README.md
@@ -414,4 +414,3 @@ println(hudson.util.Secret.decrypt("{...}"))



-
--- a/src/pentesting-ci-cd/jenkins-security/basic-jenkins-information.md
+++ b/src/pentesting-ci-cd/jenkins-security/basic-jenkins-information.md
@@ -96,4 +96,3 @@ According to [**the docs**](https://www.jenkins.io/blog/2019/02/21/credentials-m



-
--- a/src/pentesting-ci-cd/jenkins-security/jenkins-arbitrary-file-read-to-rce-via-remember-me.md
+++ b/src/pentesting-ci-cd/jenkins-security/jenkins-arbitrary-file-read-to-rce-via-remember-me.md
@@ -107,4 +107,3 @@ The example curl command provided demonstrates how to make a request to Jenkins



-
--- a/src/pentesting-ci-cd/jenkins-security/jenkins-dumping-secrets-from-groovy.md
+++ b/src/pentesting-ci-cd/jenkins-security/jenkins-dumping-secrets-from-groovy.md
@@ -91,4 +91,3 @@ for (c in creds) {



-
--- a/src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-pipeline.md
+++ b/src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-pipeline.md
@@ -41,4 +41,3 @@ If you can access the configuration file of some pipeline configured you could j



-
--- a/src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-project.md
+++ b/src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-project.md
@@ -38,4 +38,3 @@ If you are not executing a reverse shell but a simple command you can **see the



-
--- a/src/pentesting-ci-cd/jenkins-security/jenkins-rce-with-groovy-script.md
+++ b/src/pentesting-ci-cd/jenkins-security/jenkins-rce-with-groovy-script.md
@@ -65,4 +65,3 @@ msf> use exploit/multi/http/jenkins_script_console



-
--- a/src/pentesting-ci-cd/okta-security/README.md
+++ b/src/pentesting-ci-cd/okta-security/README.md
@@ -116,4 +116,3 @@ okta-hardening.md



-
--- a/src/pentesting-ci-cd/okta-security/okta-hardening.md
+++ b/src/pentesting-ci-cd/okta-security/okta-hardening.md
@@ -201,4 +201,3 @@ Here you can download Okta agents to sync Okta with other technologies.



-
--- a/src/pentesting-ci-cd/pentesting-ci-cd-methodology.md
+++ b/src/pentesting-ci-cd/pentesting-ci-cd-methodology.md
@@ -106,4 +106,3 @@ Check this interesting article about the top 10 CI/CD risks according to Cider:



-
--- a/src/pentesting-ci-cd/serverless.com-security.md
+++ b/src/pentesting-ci-cd/serverless.com-security.md
@@ -860,4 +860,3 @@ Granting excessive permissions to team members and external collaborators can le



-
--- a/src/pentesting-ci-cd/supabase-security.md
+++ b/src/pentesting-ci-cd/supabase-security.md
@@ -165,4 +165,3 @@ It's possible to **store secrets** in supabase also which will be **accessible b



-
--- a/src/pentesting-ci-cd/terraform-security.md
+++ b/src/pentesting-ci-cd/terraform-security.md
@@ -314,4 +314,3 @@ brew install terrascan



-
--- a/src/pentesting-ci-cd/todo.md
+++ b/src/pentesting-ci-cd/todo.md
@@ -18,4 +18,3 @@ Github PRs are welcome explaining how to (ab)use those platforms from an attacke



-
--- a/src/pentesting-ci-cd/travisci-security/README.md
+++ b/src/pentesting-ci-cd/travisci-security/README.md
@@ -67,4 +67,3 @@ If an attacker ends in an environment which uses **TravisCI enterprise** (more i



-
--- a/src/pentesting-ci-cd/travisci-security/basic-travisci-information.md
+++ b/src/pentesting-ci-cd/travisci-security/basic-travisci-information.md
@@ -94,4 +94,3 @@ The amount of deployed TCI Worker and build environment OS images will determine



-
--- a/src/pentesting-ci-cd/vercel-security.md
+++ b/src/pentesting-ci-cd/vercel-security.md
@@ -439,4 +439,3 @@ An **Access Group** in Vercel is a collection of projects and team members with



-
				`@@ -177,4 +177,3 @@ If they are used for example inside a a bash command, you could perform a comman`
				`@@ -45,4 +45,3 @@ These are the default permissions per default role:`
				@@ -390,4 +390,3 @@ You can also pass these as environment variables `ATLANTIS_WEB_BASIC_AUTH=true`
				`@@ -40,4 +40,3 @@ In order to execute tasks concourse must have some workers. These workers **regi`
				`@@ -153,4 +153,3 @@ Check a YAML pipeline example that triggers on new commits to master in [https:/`
				@@ -140,4 +140,3 @@ If you are inside the server you can also use the `gitea` binary to access/m
				`@@ -105,4 +105,3 @@ Different protections can be applied to a branch (like to master):`
				`@@ -246,4 +246,3 @@ For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter`
				`@@ -583,4 +583,3 @@ The following tools are useful to find Github Action workflows and even find vul`
				`@@ -58,4 +58,3 @@ And the latest one use a short sha-1 that is bruteforceable.`