Attacking & Securing CI/CD Pipeline Course

Description

The Art of CI/CD Pipeline Exploitation is an advanced, hands-on training designed to expose real-world security risks in CI/CD environments and equip participants with the skills to both exploit and defend against these threats. Through practical scenarios, students will move beyond theory and directly engage with pipelines across various platforms to understand how a single misconfiguration can lead to systemic compromise.

This training covers offensive techniques and defensive countermeasures across multiple CI/CD platforms, including GitHub Actions, CircleCI, AWS CodeBuild, and Azure DevOps. Attendees will explore GitHub Actions hijacking techniques such as content script injection, pull request target abuse, workflow_run exploitation, as well as artifact poisoning and secret leakage through insecure uploads. The course also delves into bypassing protected branches, OIDC misconfigurations, and abusing Dependabot automerge behavior.

Beyond GitHub, students will explore CircleCI security flaws like config.yml hijacking, and AWS CodeBuild pipeline exploitation, with a focus on privilege escalation via IAM role abuse and persistence within cloud CI/CD environments. In the container security section, participants will attack Docker registries through malicious image injection, explore lateral movement using registry keys, and execute Docker escapes.

The course then shifts to Kubernetes security risks, where students will identify and exploit CI/CD pipeline-driven privilege escalation, enumerate secrets, and hop laterally across pods using misconfigured service accounts and RBAC permissions. Finally, the training explores Azure DevOps pipeline abuse, including build agent exploitation, insecure service connections, and privilege escalation across Azure services using compromised identities.

Key Highlights

• Learn to identify and exploit CI/CD vulnerabilities.
• Master defensive strategies to protect pipelines from real-world attack vectors.
• Hands-on labs simulating real world attacks
• Lifetime access to materials and a dedicated lab environment.

Target Audience

This intermediate-to-advanced course is ideal for security professionals with a background in DevSecOps, scripting, and basic cybersecurity principles. Enthusiasts and students seeking practical exposure to CI/CD security will also find the content highly beneficial.

Student Requirements

Participants should have basic knowledge of scripting (Python/Bash), CI/CD processes, and access to tools like Docker, GitHub, and cloud environments.

Embark on this journey to gain actionable skills in attacking and securing CI/CD pipelines in today's fast-evolving DevOps landscape.

Key Learning Objectives

• Fundamentals
• CI/CD Overview
• GitHub Actions Security
• GitHub Actions Overview
• Hijacking Techniques:
  • Content Script Injection
  • Pull Request Target Scenarios
  • Issue Comment Injection
  • Non-Ephemeral Runners
  • Workflow_Run Exploitation
• Artifact Handling:
  • Secret Leakage via Uploads
  • Artifact Poisoning
• Advanced Exploitation:
  • Race Conditions
  • Bypassing Protected Branches
• OIDC Misconfigurations
• Dependabot Automerge Vulnerabilities
• GitHub Actions Security Best Practices
• CircleCI Security
• CircleCI Overview
• Config.yml Hijacking
• AWS Codebuild Pipeline Security
• Codebuild Overview
• Exploiting Pipeline misconfiguration
• Attacking Docker Registries
• Understanding Docker and its use case
• Laternal movment using Registries Keys
• Injecting Malicous Image to steal Credentials
• Vulnerable Kubernetes Environment
• Exploring K8s Infrastructure
• Abusing CI/CD Pipeline to Compromise Kubernetes
• Enumeration Techniques
• Privilege Escalation via CI/CD in Kubernetes
• Hopping Over Pods
• Azure Devops Security
• Azure Devops CI/CD Overview
• Azure DevOps Pipeline Security Risks
• Insecure Service Connections & Credential Leaks
• Build Agent Exploitation & Privilege Escalation
• Azure Devops Pipeline Exploitation
• Abusing Azure Services

Who Should Attend?

This intermediate-to-advanced course is ideal for security professionals with a background in DevSecOps, scripting, and basic cybersecurity principles. Enthusiasts and students seeking practical exposure to CI/CD security will also find the content highly beneficial.

This on-demand course is perfect for: * Devops & DevSecOps Professionals – who’d like to better protect CI/CD pipelines * Cybersecurity Professionals: Seeking flexible, hands-on learning. * Students: In cybersecurity or cloud computing disciplines looking for practical, self-directed learning.
Red Team Operators: Aiming to advance their skills in CI/CD penetration testing with real-world labs.
Enthusiasts: Interested in on-demand, hands-on training to deepen their CI/CD security knowledge.

Prerequisite Knowledge

To enroll in the Attacking and Securing CI/CD On-Demand, students should meet the following requirements:

• Familiarity with Scripting – Basic Knowledge of Python, Bash
• Resources – 2 GitHub accounts, AWS environment, Azure environment, Docker on host machine
• Hardware Requirements – Admin access to your tool environment and cloud
• Prerequisite Knowledge – This is an intermediate to advanced course. A background in CI/CD processes, DevSecOps practices, and a basic understanding of cybersecurity principles is recommended. Familiarity with scripting and automation in CI/CD environments will be beneficial
• Willingness to Learn

Hardware Requirements

Admin access to your tool environment and cloud, 2 GitHub accounts, AWS environment, Azure environment, Docker on host machine

Bio