2025-11-15 –, Hochschule München - R0.006
CI/CD pipelines significantly increase development efficiency but also introduce complex security risks. Vulnerabilities in these systems expose sensitive credentials, enable attackers to manipulate build processes, compromise cloud environments, and escalate privileges. This immersive, hands-on workshop will guide participants through real-world scenarios and hacking challenges to exploit and secure CI/CD pipelines, Kubernetes clusters, and AWS infrastructure.
In this interactive workshop, participants will assume the role of penetration testers, engaging in practical hacking challenges supported by concise theoretical insights. Participants will:
- Gain initial access to a CI/CD pipeline.
- Extract sensitive information from code repositories.
- Exploit weak configurations on orchestrators.
- Compromise build nodes to inject backdoors.
- Pivot within cloud infrastructures.
- Escape Kubernetes isolation through common misconfigurations.
- Perform privilege escalation within AWS environments.
Practical CTF-style challenges will be complemented with mitigation strategies and best practices, providing participants actionable knowledge to secure and protect critical infrastructures.
CI/CD Security, Cloud Infrastructure, Kubernetes, DevSecOps
Daniel Schwendner is a DevOps Engineer with a strong passion for Cyber Security. With a background in mobile application security and hardware security, he participates in bug bounty hunting and shares his security knowledge online.
Samuel Hopstock is a software engineer at Guardsquare, where he was one of the first engineers working on AppSweep, a mobile app security testing tool. Initially, he contributed to the Java bytecode analysis engine for Android apps. Since then he has shifted his focus to analyzing and protecting native iOS, Android, and Flutter binaries.