-
Raunak Parmar White Knight Labs
- Dates: May 10, 11 and 12 2025
- Difficulty: Medium
- Session Format: Hybrid
- Language: English
Description
The Art of CI/CD Pipeline Exploitation is an advanced, hands-on training designed to expose real-world security risks in CI/CD environments and equip participants with the skills to both exploit and defend against these threats. Through practical scenarios, students will move beyond theory and directly engage with pipelines across various platforms to understand how a single misconfiguration can lead to systemic compromise.
This training covers offensive techniques and defensive countermeasures across multiple CI/CD platforms, including GitHub Actions, CircleCI, AWS CodeBuild, and Azure DevOps. Attendees will explore GitHub Actions hijacking techniques such as content script injection, pull request target abuse, workflow_run exploitation, as well as artifact poisoning and secret leakage through insecure uploads. The course also delves into bypassing protected branches, OIDC misconfigurations, and abusing Dependabot automerge behavior.
Beyond GitHub, students will explore CircleCI security flaws like config.yml hijacking, and AWS CodeBuild pipeline exploitation, with a focus on privilege escalation via IAM role abuse and persistence within cloud CI/CD environments. In the container security section, participants will attack Docker registries through malicious image injection, explore lateral movement using registry keys, and execute Docker escapes.
The course then shifts to Kubernetes security risks, where students will identify and exploit CI/CD pipeline-driven privilege escalation, enumerate secrets, and hop laterally across pods using misconfigured service accounts and RBAC permissions. Finally, the training explores Azure DevOps pipeline abuse, including build agent exploitation, insecure service connections, and privilege escalation across Azure services using compromised identities.
Key Highlights
- Learn to identify and exploit CI/CD vulnerabilities.
- Master defensive strategies to protect pipelines from real-world attack vectors.
- Hands-on labs simulating real world attacks
- Lifetime access to materials and a dedicated lab environment.
Target Audience
This intermediate-to-advanced course is ideal for security professionals with a background in DevSecOps, scripting, and basic cybersecurity principles. Enthusiasts and students seeking practical exposure to CI/CD security will also find the content highly beneficial.
Student Requirements
Participants should have basic knowledge of scripting (Python/Bash), CI/CD processes, and access to tools like Docker, GitHub, and cloud environments.
Embark on this journey to gain actionable skills in attacking and securing CI/CD pipelines in today's fast-evolving DevOps landscape.
Key Learning Objectives
- Fundamentals
- CI/CD Overview
- GitHub Actions Security
- GitHub Actions Overview
- Hijacking Techniques:
- Content Script Injection
- Pull Request Target Scenarios
- Issue Comment Injection
- Non-Ephemeral Runners
- Workflow_Run Exploitation
- Artifact Handling:
- Secret Leakage via Uploads
- Artifact Poisoning
- Advanced Exploitation:
- Race Conditions
- Bypassing Protected Branches
- OIDC Misconfigurations
- Dependabot Automerge Vulnerabilities
- GitHub Actions Security Best Practices
- CircleCI Security
- CircleCI Overview
- Config.yml Hijacking
- AWS Codebuild Pipeline Security
- Codebuild Overview
- Exploiting Pipeline misconfiguration
- Attacking Docker Registries
- Understanding Docker and its use case
- Laternal movment using Registries Keys
- Injecting Malicous Image to steal Credentials
- Vulnerable Kubernetes Environment
- Exploring K8s Infrastructure
- Abusing CI/CD Pipeline to Compromise Kubernetes
- Enumeration Techniques
- Privilege Escalation via CI/CD in Kubernetes
- Hopping Over Pods
- Azure Devops Security
- Azure Devops CI/CD Overview
- Azure DevOps Pipeline Security Risks
- Insecure Service Connections & Credential Leaks
- Build Agent Exploitation & Privilege Escalation
- Azure Devops Pipeline Exploitation
- Abusing Azure Services
Who Should Attend?
This intermediate-to-advanced course is ideal for security professionals with a background in DevSecOps, scripting, and basic cybersecurity principles. Enthusiasts and students seeking practical exposure to CI/CD security will also find the content highly beneficial.
This on-demand course is perfect for:
* Devops & DevSecOps Professionals – who’d like to better protect CI/CD pipelines
* Cybersecurity Professionals: Seeking flexible, hands-on learning.
* Students: In cybersecurity or cloud computing disciplines looking for practical, self-directed learning.
Red Team Operators: Aiming to advance their skills in CI/CD penetration testing with real-world labs.
Enthusiasts: Interested in on-demand, hands-on training to deepen their CI/CD security knowledge.
Prerequisite Knowledge
To enroll in the Attacking and Securing CI/CD On-Demand, students should meet the following requirements:
- Familiarity with Scripting – Basic Knowledge of Python, Bash
- Resources – 2 GitHub accounts, AWS environment, Azure environment, Docker on host machine
- Hardware Requirements – Admin access to your tool environment and cloud
- Prerequisite Knowledge – This is an intermediate to advanced course. A background in CI/CD processes, DevSecOps practices, and a basic understanding of cybersecurity principles is recommended. Familiarity with scripting and automation in CI/CD environments will be beneficial
- Willingness to Learn
Hardware Requirements
Admin access to your tool environment and cloud, 2 GitHub accounts, AWS environment, Azure environment, Docker on host machine
Bio
Raunak Parmar , White Knight Labs
Raunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, and also at local meetups.