CI/CD platforms today have access to your code, secrets, cloud, and infra — which makes them prime targets. In this session, we explore how attackers exploit GitHub Actions, GitLab CI, and Jenkins runners to escalate privileges, exfiltrate secrets, and deploy backdoors — all from within your automation workflows. ## Learning Outcomes: - Identify critical trust boundaries in CI/CD setups - Understand runner abuse, artifact poisoning, and token leakage - Evaluate default vs. secure pipeline configurations - Apply hardening practices that actually work ## Audience Level Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic. ## Prerequisite: 1. Personal Laptop with unrestricted internet access 2. ⁠⁠Google Account with Access to Google Cloud Console & Cloud Shell (ref: docs.cloud.google.com/shell/docs/launching-cloud-shell) 3. Personal GitHub Account 4. Discord Account for support Due to the short duration of workshop, we would not be able to provide trouble shooting support to students. if the systems dont work recommended approach would be to see how others are doing and later on after workshop they can try it.