by frothy-dashcam
62 days ago
I absolutely second the OP. I used to be a penetration tester, and whenever I had low-level contributor access to an internal repository I managed to break out into the cloud, and in 99% of cases I was an administrator after that. CI/CD is remote code execution as a service and way too often way too misconfigured. When I say low-level contributor access, I mean the level you give an intern who joins your company for a two-week summer internship. They come as an unpaid intern, they leave as an AWS administrator. Pretty good deal in my book ;)
Thank you so much for creating the tool. This might drive the point home just how easy it is to exploit this stuff.