Attacking Cloud Services with Source Code

This talk was presented at SOURCE Boston 2013 and THOTCON 0x4. I talk about some basic development processes, my perspectives as an open source contributor, and how hosted (cloud-based) CI/CD services make my life so much easier. I also take a look at some different attack vectors to consider on CI/CD deployments in general and what the potential impacts could be if leveraged successfully. Lastly, I announce a soon-to-be-released tool that I developed to help test CI/CD servers for security weaknesses.

Recorded Presentation -

Demo #1 - (Pop a Reverse Shell using Continuous Integration)

Demo #2 - (Make an Unauthorized Commit to Master using Continuous Integration)

RottenApple -

Blog Post:


Jonathan Claudius

April 16, 2013