At my previous employer (FusionX/Accenture), I wrote a tool for red team security people to help attack and exploit vulnerabilities in Jenkins applications. These attacks are for the most part publicly known, but are time-consuming to execute by hand.

Accenture has graciously agreed to open-source the project, and I am excited to share it with the world. Besides the “bog standard” attacks that this tool simplifies and enables, it also brings some new-ish attacks to the public. These attacks include the ability to execute “ghost jobs”, which are jobs that do not show up in Jenkins as executing and can be…

shellster
