WRITEUP #927

Hijacking Cloud CI/CD Systems for Fun and Profit

Cloud, CI/CD, Repojacking
by @gh0st_r1d3r_0x9 (Divyanshu)
Bounty: 50,000
Program: Google (GCP), AWS, Microsoft (Azure)
Published: Jul 22, 2023
Added to HackDex: Jul 24, 2023
Read Full Writeup: https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit#azure
RELATED WRITEUPS
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
AI / LLM, CI/CD
The Hunt for ALBeast: A Technical Walkthrough
Cloud, AWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Cloud, OIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
Cloud, Privilege escalation
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
Race Condition, CI/CD
