Jamie Baxter

Jamie is an independent cyber security consultant specializing in security assessments, ranging from cloud, web, mobile and infrastructure penetration tests to red teaming exercises.

Prior to independent consulting, Jamie was the Director of Cyber Security Assessments at RBC, a Senior Penetration Tester for the Department of National Defence, and a developer for over 10 years.

When not on an engagement, he can be found competing in and building CTFs. He holds an OSCP, OSCE, GPEN and CISSP certification.

Social Profiles

All Sessions by Jamie Baxter

Day 1
13:45

Continuous Compromise: How Attackers are Targeting Cloud-Based CI/CD Pipelines and Deployments

13:45 - 14:30

As DevOps continues to transform organizations and the use of cloud services becomes ubiquitous, it’s no surprise attackers (and pentesters!) are increasingly targeting the technologies that enable it. We’ll take a tour through a collection of real-life examples and case-studies to explore how vulnerabilities across the CI/CD stack and cloud service deployments are successfully targeted and exploited. Resulting in the disclosure of sensitive information, the co-opting of the build, deployment and orchestration infrastructure and potentially the compromise of the organization itself. But all is not lost, we will conclude with a number of recommendations for teams to raise their security bar without slowing velocity.

DevOps

Where

Speakers Hall

Connect to Us

Jamie Baxter

Social Profiles

All Sessions by Jamie Baxter

Day 1

Continuous Compromise: How Attackers are Targeting Cloud-Based CI/CD Pipelines and Deployments

Share