trasnlate other half

src/pentesting-ci-cd/ansible-tower-awx-automation-controller-security.md

@@ -141,3 +141,4 @@ From a **white box security** review, you would need the **System Auditor role**
 
 
 
+

src/pentesting-ci-cd/apache-airflow-security/README.md

@@ -177,3 +177,4 @@ If they are used for example inside a a bash command, you could perform a comman
 
 
 
+

src/pentesting-ci-cd/apache-airflow-security/airflow-configuration.md

@@ -113,3 +113,4 @@ AUTH_ROLE_PUBLIC = 'Admin'
 
 
 
+

src/pentesting-ci-cd/apache-airflow-security/airflow-rbac.md

@@ -45,3 +45,4 @@ These are the default permissions per default role:
 
 
 
+

src/pentesting-ci-cd/atlantis-security.md

@@ -390,3 +390,4 @@ You can also pass these as environment variables `ATLANTIS_WEB_BASIC_AUTH=true`
 
 
 
+

src/pentesting-ci-cd/circleci-security.md

@@ -257,3 +257,4 @@ jobs:
 
 
 
+

src/pentesting-ci-cd/cloudflare-security/README.md

@@ -136,3 +136,4 @@ cloudflare-zero-trust-network.md
 
 
 
+

src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md

@@ -135,3 +135,4 @@ TODO
 
 
 
+

src/pentesting-ci-cd/cloudflare-security/cloudflare-zero-trust-network.md

@@ -63,3 +63,4 @@ TODO
 
 
 
+

src/pentesting-ci-cd/concourse-security/README.md

@@ -35,3 +35,4 @@ concourse-enumeration-and-attacks.md
 
 
 
+

src/pentesting-ci-cd/concourse-security/concourse-architecture.md

@@ -40,3 +40,4 @@ In order to execute tasks concourse must have some workers. These workers **regi
 
 
 
+

src/pentesting-ci-cd/concourse-security/concourse-enumeration-and-attacks.md

@@ -444,3 +444,4 @@ Accept-Encoding: gzip.
 
 
 
+

src/pentesting-ci-cd/concourse-security/concourse-lab-creation.md

@@ -153,3 +153,4 @@ Check a YAML pipeline example that triggers on new commits to master in [https:/
 
 
 
+

src/pentesting-ci-cd/gitea-security/README.md

@@ -140,3 +140,4 @@ If you are inside the server you can also **use the `gitea` binary** to access/m
 
 
 
+

src/pentesting-ci-cd/gitea-security/basic-gitea-information.md

@@ -105,3 +105,4 @@ Different protections can be applied to a branch (like to master):
 
 
 
+

src/pentesting-ci-cd/github-security/README.md

@@ -246,3 +246,4 @@ For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter
 
 
 
+

src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

@@ -583,3 +583,4 @@ The following tools are useful to find Github Action workflows and even find vul
 
 
 
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-artifact-poisoning.md

@@ -4,3 +4,4 @@
 
 
 
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning.md

@@ -4,3 +4,4 @@
 
 
 
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md

@@ -4,3 +4,4 @@
 
 
 
+

src/pentesting-ci-cd/github-security/accessible-deleted-data-in-github.md

@@ -58,3 +58,4 @@ And the latest one use a short sha-1 that is bruteforceable.
 
 
 
+

src/pentesting-ci-cd/github-security/basic-github-information.md

@@ -257,3 +257,4 @@ Different protections can be applied to a branch (like to master):
 
 
 
+

src/pentesting-ci-cd/jenkins-security/README.md

@@ -414,3 +414,4 @@ println(hudson.util.Secret.decrypt("{...}"))
 
 
 
+

src/pentesting-ci-cd/jenkins-security/basic-jenkins-information.md

@@ -96,3 +96,4 @@ According to [**the docs**](https://www.jenkins.io/blog/2019/02/21/credentials-m
 
 
 
+

src/pentesting-ci-cd/jenkins-security/jenkins-arbitrary-file-read-to-rce-via-remember-me.md

@@ -107,3 +107,4 @@ The example curl command provided demonstrates how to make a request to Jenkins
 
 
 
+

src/pentesting-ci-cd/jenkins-security/jenkins-dumping-secrets-from-groovy.md

@@ -91,3 +91,4 @@ for (c in creds) {
 
 
 
+

src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-pipeline.md

@@ -41,3 +41,4 @@ If you can access the configuration file of some pipeline configured you could j
 
 
 
+

src/pentesting-ci-cd/jenkins-security/jenkins-rce-creating-modifying-project.md

@@ -38,3 +38,4 @@ If you are not executing a reverse shell but a simple command you can **see the
 
 
 
+

src/pentesting-ci-cd/jenkins-security/jenkins-rce-with-groovy-script.md

@@ -65,3 +65,4 @@ msf> use exploit/multi/http/jenkins_script_console
 
 
 
+

src/pentesting-ci-cd/okta-security/README.md

@@ -116,3 +116,4 @@ okta-hardening.md
 
 
 
+

src/pentesting-ci-cd/okta-security/okta-hardening.md

@@ -201,3 +201,4 @@ Here you can download Okta agents to sync Okta with other technologies.
 
 
 
+

src/pentesting-ci-cd/pentesting-ci-cd-methodology.md

@@ -106,3 +106,4 @@ Check this interesting article about the top 10 CI/CD risks according to Cider:
 
 
 
+

src/pentesting-ci-cd/serverless.com-security.md

@@ -860,3 +860,4 @@ Granting excessive permissions to team members and external collaborators can le
 
 
 
+

src/pentesting-ci-cd/supabase-security.md

@@ -165,3 +165,4 @@ It's possible to **store secrets** in supabase also which will be **accessible b
 
 
 
+

src/pentesting-ci-cd/terraform-security.md

@@ -314,3 +314,4 @@ brew install terrascan
 
 
 
+

src/pentesting-ci-cd/todo.md

@@ -18,3 +18,4 @@ Github PRs are welcome explaining how to (ab)use those platforms from an attacke
 
 
 
+

src/pentesting-ci-cd/travisci-security/README.md

@@ -67,3 +67,4 @@ If an attacker ends in an environment which uses **TravisCI enterprise** (more i
 
 
 
+

src/pentesting-ci-cd/travisci-security/basic-travisci-information.md

@@ -94,3 +94,4 @@ The amount of deployed TCI Worker and build environment OS images will determine
 
 
 
+

src/pentesting-ci-cd/vercel-security.md

@@ -439,3 +439,4 @@ An **Access Group** in Vercel is a collection of projects and team members with
 
 
 
+