Sign up for our free Threat Hunting Summit June 17 Register Here

Workshop: CI CD Exploitation and Hardening

Course Authored by .

Workshop: CI/CD Exploitation and Hardening

This hands-on workshop teaches both offensive exploitation and defensive hardening of CI/CD pipelines. Students build pipelines using GitHub Actions and GitLab CI while learning how attackers exploit misconfigurations such as secret exposure and insecure workflows.

Live Training $25.00

Course Length: 4 Hours

Includes a Certificate of Completion



Enroll Now

Next scheduled date: July 10th, 2026 @ 12:00 PM EDT

Description

This hands-on workshop teaches both offensive exploitation and defensive hardening of CI/CD pipelines. Students build pipelines using GitHub Actions and GitLab CI while learning how attackers exploit misconfigurations such as secret exposure and insecure workflows.

The course emphasizes attacker mindset within the software supply chain. Students will explore techniques like environment variable exfiltration, script injection, and runner lateral movement, followed by defensive mitigation strategies.

The workshop progresses into DevSecOps practices including SAST, dependency scanning, container scanning, and egress monitoring. It concludes with a multi-stage GitLab CI/CD attack chain and a capstone project building a secure pipeline.

  • System Requirements
    • Kali Linux VM (provided)
    • VMware, VirtualBox, or similar
    • Multi-core CPU, 16GB RAM recommended
    • Internet connection
    • Software: Git, Go, Docker, Terraform, Ansible, AWS CLI

Syllabus

Syllabus

  • Module 1 – Environment Setup & Foundations

  • Module 2 – Data Processing & Logging

  • Module 3 – CI/CD Pipelines

  • Module 4 – Containerization

  • Module 5 – SDLC Best Practices

  • Module 6 – Webhooks & APIs

  • Module 7 – CI/CD Exploitation

  • Module 8 – CI/CD Hardening

  • Module 9 – Infrastructure as Code

  • Module 10 – Capstone Project

  • Module 11 – Advanced Attack Chains

FAQ

Who Should Take This Workshop

  • DevOps engineers

  • Security engineers and penetration testers

  • Developers implementing secure SDLC

  • System administrators managing infrastructure

  • Security researchers and CTF enthusiasts

Audience Skill Level

Intermediate. The course progresses from foundational concepts to advanced attack chains.

Student Requirements and/or Prerequisites

  • Linux command-line experience

  • Basic Git knowledge

  • Understanding of HTTP/APIs

  • GitHub account

  • Ability to run a VM

Key Takeaways

  • Build and manage CI/CD pipelines

  • Exploit CI/CD vulnerabilities

  • Harden pipelines with security tools

  • Implement DevSecOps best practices

  • Design secure end-to-end pipelines

  • Understand supply chain attack techniques

About the Instructor

Pixel splash background
Bio

Phil Miller joined the team at Black Hills Information Security (BHIS) in the spring of 2022 as a Security Consultant working on web application, external, and internal network testing. Prior to this role, he was an information security associate for an e-commerce B2B company. Phil chose BHIS because of the “the amazing content and fantastic quality of work that they deliver, and it’s an awesome group of talented individuals.” He loves being on a team with folks who are also passionate about their work. Outside of work, he enjoys the arts (drumming & music, drawing & painting), as well as sports (golfing, bowling, and basketball).

Register for Upcoming

  • Filter by Product Date
  • Filter by Product Instructor
  • Filter by Product Type

Workshop: CI CD Exploitation and Hardening

Pay What You Can

Live Training Phil Miller

Virtual

Includes:
  • Certificate of completion
  • 6 months class recording access via Discord 

    For tuition assistance with this course please send an email to: [email protected]

 

Content is loading, please wait.
Content is loading, please wait.
$25.00
July 10th, 2026 12:00 PM EDT - 4:00 PM EDT

Registration End Date: 10:00 PM, EDT July 9th 2026

Related products

Shopping Cart

No products in the cart.