Is This Your Pipe? Hijacking the Build Pipeline

Is This Your Pipe? Hijacking the BuildĀ Pipeline

As developers of the web, we rely on tools to automate building code, run tests, and even deploy services. What happens when we're too trusting of CI/CD pipelines? Credentials get exposed, hijacked, and re-purposed. We'll talk about how often and what happens when people leak public cloud credentials, how some are protecting themselves using encrypted secrets, how to bypass protections against leaking decrypted secrets and how to turn their Jenkins into your own butler.

E76c7ebc9d2e8a4b840f13cd01946437?s=128

Kyle Kelley

August 10, 2014
Tweet