Thanks for the resource. I do, however, have some concerns about the source of some of this content and lack of sufficient crediting of the original authors.

For example, the following two articles are identical:
https://hackingthe.cloud/aws/general-knowledge/connection-tracking/
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-basic-information/connection-tracking

I don't see anything in the hacktricks article referencing the original source or crediting the original author. I feel this is particularly relevant considering that hacktricks are seeking sponsorship from both individuals and organisations to support the project.

There appear to be a number of pages of content which are directly copied from https://frichetten.com. Did you get permission to copy that content? This seems inappropriate to copy so much content directly like this.

The current GitHub Actions cache poisoning section (https://cloud.hacktricks.xyz/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning) is a bit light on details.

I've done some research on this and written some PoC code that I'd like to add. A couple of key points:

• Token used to write to cache is valid for 6 hours is not invalidated after workflow finishes. (working as intended per GitHub)
• Cache keys/version are set client side, no server side validation at all (working as intended per GitHub).
• Cache file itself is not validated when there is a cache hit (it is just a zstd compressed archive), so a poisoned cache entry can overwrite scripts, package.json, etc, even if the intended cache value is a specific directory.

POC Code to write to cache and steal cache tokens: https://github.com/AdnaneKhan/ActionsCacheBlasting

Feel free to add or I can create a PR (will end up re-writing most of the existing information), unfortunately the Scribe Security article was fairly light on how to actually poison caches. Fortunately, I like sharing knowledge to help people hack all the things :)

Hi,

First, thank you for cloud.hacktricks.xyz this is really awesome ! I would like to contribute by adding new content regarding CI/CD pipeline and more specifically on secret extraction.

We developed a tool called Nord Stream which automate everything to extract secrets that are stored inside CI/CD environments. The tools currently support Azure Devops, GitHub and GitLab. You can found it here: https://github.com/synacktiv/nord-stream. We also have a blog post explaining how secrets are stored in those systems and how we can extract them automatically (https://www.synacktiv.com/publications/cicd-secrets-extraction-tips-and-tricks).

If you are interested I could add this to cloud.hacktricks.xyz. I just don't know where I can add all of this because there are no sections for Azure Devops and GitLab and I don't know If the general Pentesting CI/CD Methodology section is the appropriate place to put all of this.

You can arrange this as you wish, but I could also open a PR if you help me to organize everything :)