44Con 2019 - Continuous Integration Continuous Bounties
CI/CD pipelines are the perfect, bug-rich target for new and experienced bug hunters. As complex, user-controlled automated processes with access to authentication secrets, source code, and application servers in multi-system, multi-user environments, they combine all the things that make bugs likely. In this presentation, I will outline a methodology for hunting for bugs in CI/CD pipelines and walk through actual bugs that have resulted in tens of thousands of dollars in bounty payments.
Recording
Slides
Links
- SSHReverseShell - Full TTY reverse shell over SSH
- CI Knew There Would Be Bugs Here - Exploring Continuous Integration Services as a Bug Bounty Hunter
- ResearchServers - A set of simple servers (currently HTTP/HTTPS and DNS) which allow configurable and scriptable responses to network requests