
CI/CD pipelines are at the heart of daily operations for many organizations today. They are also the place in our technology stack where our infrastructure has access to many different resources, from development and production environments to analytics keys and code signing credentials. Such wide access brings security considerations: CI/CD tools effectively extend the attack surface of our production system to our build, automated test and deployment environments.

Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/local-ipv4

To retrieve the Secret Key and Access Key of the AWS account associated with this build server

Replace the IP and port with your IP and listening port

Backdooring the Build server

With a technique similar to the one used above, I can issue a few commands listed below to create a user account to gain remote access to the build server if the build server is hosted on a Windows Server.

As a continuation of this blog post, series 2 covers other attacks in which attackers have no access to the build servers but gain access through techniques such as automated build triggers, how such attacks are configured on different build servers, and how to identify and defend against similar attacks on our infrastructure.
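For the defensive side of the metadata request shown earlier, here is a detection sketch added as an example (it is not code from the original post): it scans build output for any build step that contacts the instance metadata address. The `[step: name]` log layout, the step names, the `allowed_steps` parameter and the sample log are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Link-local instance metadata address, as used in the command on this page.
IMDS_HOST = "169.254.169.254"
URL_RE = re.compile(r"https?://[^\s'\"`)]+", re.IGNORECASE)
# Assumed (hypothetical) log layout: "[step: <name>] <command line>"
STEP_RE = re.compile(r"^\[step:\s*(?P<step>[^\]]+)\]\s*(?P<cmd>.*)$")

# Constructed sample build log; step names and hosts are made up.
SAMPLE_LOG = """\
[step: restore] nuget restore App.sln
[step: compile] msbuild App.sln /p:Configuration=Release
[step: pre-test] Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/local-ipv4
[step: test] Invoke-RestMethod -Uri https://ci.example.test/api/status
[step: publish] Invoke-WebRequest -Uri "HTTP://169.254.169.254/latest/meta-data/" -UseBasicParsing
"""


def find_imds_access(log_text, allowed_steps=frozenset()):
    """Return one finding per metadata-service URL seen in a build step.

    allowed_steps names steps that are expected to query instance metadata
    (for example an agent bootstrap step) and are therefore not reported.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = STEP_RE.match(line)
        if not m:
            continue
        step = m["step"].strip()
        if step in allowed_steps:
            continue
        for url in URL_RE.findall(m["cmd"]):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL text in the log
                continue
            if host == IMDS_HOST:
                path = urlsplit(url).path or "/"
                findings.append({"line": lineno, "step": step, "path": path})
    return findings


if __name__ == "__main__":
    for f in find_imds_access(SAMPLE_LOG):
        print(f"line {f['line']}: step '{f['step']}' requested metadata path {f['path']}")
```

Matching is done on the parsed host rather than on the raw line, so a URL on another host that merely contains the address in its path is not reported.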
