Explore the intricacies of hacking Jenkins, the world's most popular CI/CD server, in this comprehensive conference talk from Hack In The Box Security Conference. Dive deep into Jenkins' internal mechanisms and exploitation guidelines, covering dynamic routing misuse, meta-programming abuse, and Groovy sandbox escapes. Learn about a full pre-auth remote code execution exploit chain and discover seven newly found vulnerabilities with CVEs. Gain insights into building custom gadgets and unconventional hacking techniques for Jenkins. Topics covered include JVM ecosystem reports, common attack vectors, past deserialization bugs, Jenkins remoting, Java web review, Stapler's role, routing rules, URL whitelists, compile-time meta-programming, root cause analysis, malicious JAR preparation, remote Jenkins attacks, Shodan survey results, and the evolution of exploit chains.