25.10.20

Attacking DevOps Pipelines [2108]

DevOps is at the core of a modern corporate network. Large organizations rely on DevOps platforms to automate the build and deployment of infrastructure and software applications in a reliable manner. To effectively perform their tasks, DevOps tooling requires high-level permissions for managing credentials, creating infrastructure, configuring and building code, and deploying applications to production environments. This makes DevOps platforms a compelling target for an adversary.

This course teaches attendees field-tested techniques to exploit access within the DevOps pipeline, including searching source code for secrets, poisoning CI/CD pipelines to execute malicious scripts, and pivoting through DevOps platforms to access cloud workloads. Attendees will participate in a fictitious red team scenario where they will attempt to escalate privileges throughout a DevOps environment to access sensitive systems/data. In this scenario, the trainers will also act as a blue team and provide students with feedback on the detection surface of their TTPs.

Skills / Knowledge

  • PenTesting
  • Defense

Issued on

December 10, 2024

Expires on

Does not expire