🔴 Executive Offense - (Release) DevOps Attack Surface

A Pentester's Cheatsheet for Modern Infrastructure

Hey everyone!

If you've done any internal penetration testing in the last few years, you know the landscape has changed dramatically. Gone are the days when you'd pop a box, grab some hashes, and call it a day. Today's enterprise environments are a sprawling maze of CI/CD pipelines, container orchestration, secrets managers, artifact repositories, and configuration management tools, each one a potential goldmine for attackers.

After years of building out internal methodology documentation at Arcanum, we decided it was time to give back to the community. Today, we're releasing the DevOps Attack Surface Guide: an interactive, searchable reference for penetration testers targeting DevOps infrastructure.

/ What is it?

During internal engagements, my team and I kept running into the same scenario: we'd land on a network and immediately start hunting for Jenkins, GitLab, Vault, Artifactory, and the dozens of other tools that make up modern DevOps stacks. Each one has its own default ports, default credentials, common misconfigurations, and CVEs worth knowing.

We were tired of grepping through scattered notes and bookmarks. We needed a single, consolidated resource that answered questions like:

  • "What port does TeamCity run on?"

  • "What are the default creds for Nexus?"

  • "What's that recent Perforce CVE everyone's talking about?"

  • "How do I find exposed Terraform state files?"

So we built one.

/ What's Inside

The guide covers 88+ tools across 15 categories:

  • Knowledge Bases — SharePoint, Confluence, MediaWiki, Notion, Wiki.js

  • Source Code Management — Git, GitHub, GitLab, Bitbucket, Perforce, SVN

  • Repository Management — Artifactory, Nexus, AWS CodeArtifact

  • Build Servers — Jenkins, TeamCity, Bamboo, CircleCI, GitHub Actions

  • Deployment Platforms — Octopus Deploy, Codefresh, ArgoCD

  • Configuration Management — Ansible, Chef, Puppet, Salt

  • Operations & Monitoring — Splunk, Elastic Stack, Grafana, Nagios

  • Secrets Managers — HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, CyberArk

  • Databases 

/ Try It Out

It's fully client-side, searchable, and works great on mobile for those times you're on-site and need a quick reference.

/ Outro

The DevOps attack surface is only going to keep growing. Every new tool added to the pipeline is another potential entry point. My hope is that this resource helps pentesters work more efficiently and helps defenders understand what attackers are looking for.

Thanks for reading. Happy hacking!
