CI/CD - The Keys to the Kingdom and Some More

Official Website link

• CI/CD the keys to the kingdom and some more – Security Days Fall 2026

WS2-09 | March 25 (Wed) 16:00-17:30 | 5F | Workshop | Consecutive Translation

Workshop Overview

CI/CD platforms today have access to your code, secrets, cloud, and infra — which makes them prime targets. In this session, we explore how attackers exploit GitHub Actions, GitLab CI, and Jenkins runners to escalate privileges, exfiltrate secrets, and deploy backdoors — all from within your automation workflows.

Learning Outcomes

• Identify critical trust boundaries in CI/CD setups
• Understand runner abuse, artifact poisoning, and token leakage
• Evaluate default vs. secure pipeline configurations
• Apply hardening practices that actually work

Audience Level

Intermediate — The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Prerequisites

1. Personal Laptop with unrestricted internet access
2. Google Account with Access to Google Cloud Console & Cloud Shell (reference)
3. Personal GitHub Account
4. Discord Account for support

Due to the short duration of the workshop, dedicated troubleshooting support is not provided. If your system does not work, the recommended approach is to observe how others are progressing and try again after the workshop.

Event Information

• Event: Security Days Fall 2026 (Tokyo)
• Session Code: WS2-09
• Date & Time: March 25, 2026 (Wed) 16:00-17:30
• Venue: Tokyo Venue (5F)
• Format: Workshop
• Translation: Consecutive translation available
• Instructor: Anant Shrivastava | Founder, Cyfinoid Research
• Official Site: Security Days Fall 2026