top of page

Attacking DevOps Pipelines

Workshop Abstract


This training lab will walk students through practical, field-tested red team attacks against popular DevOps platforms. Students will get hands-on as they attack the fictitious World of Baseball Analysis (WOBA) LLC, a leader in advanced baseball scouting and research. Students will be taught how to identify escalation pathways through software development pipelines, CI/CD systems, and automation frameworks as they try to gain access to WOBA's intellectual property and flagship software platform.

Students will be exposed to TTPs pulled from real-world adversary simulations against source code repositories, build servers, credential vaults, automation tools, and Infrastructure-as-Code (IaC) platforms.

A laptop with an OpenVPN client, browser, and RDP/SSH client. Students will receive an OpenVPN configuration file that provides access to the training environment.

Attendee cap: 

Date & Time

September 8, 2023  |  9:00 AM - 1:00 PM



Jefferson Community and Technical College (JCTC) - 110 W Chestnut St, Louisville, KY 40202

Your Instructors

Tom Porter

Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for Accenture’s FusionX Red Team.

Tom Porter headshot.png

Colbert Zhu

Colbert Zhu is an offensive security consultant with experience in penetration testing, purple teams, and objective-based adversary simulations. Colbert is also an avid Yankees fan and fond of making Excel spreadsheets for fantasy baseball. 

Colbert Zhu headshot.png
bottom of page