OH MY DC Abusing OIDC all the way to your cloud
Aviad Hahami
DEF CON 32 · Day 1 · Main Stage
In the DEF CON 32 talk "OH MY DC Abusing OIDC all the way to your cloud," security researcher Aviad Hahami from Palo Alto Networks examines the security implications of **OpenID Connect (OIDC)** within **Continuous Integration/Continuous Delivery (CI/CD)** pipelines. Hahami highlights a significant shift in authentication practices for machine-to-machine interactions, moving away from vulnerable hardcoded secrets or traditional API keys towards a more robust, identity-based approach facilitated by OIDC. The talk's central aim is to expose the pitfalls and misconfigurations that can arise when OIDC is integrated into CI/CD workflows, ultimately leading to unauthorized access to cloud environments.
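To make the kind of misconfiguration the talk targets concrete, here is an added example (not from the talk or from Palo Alto Networks) of how a cloud side evaluates a CI job's OIDC ID-token claims against a role trust policy, and an audit that flags the conditions under which pipelines from unrelated repositories or contexts would qualify. The issuer URL, audience, `sub` claim format and the `repo:...` subjects are all constructed, hypothetical values; signature, expiry and nonce checks are assumed to have already passed.

```python
from fnmatch import fnmatchcase

# Hypothetical CI issuer and cloud token-exchange audience (constructed values).
ISSUER = "https://ci.example-vendor.invalid"
AUDIENCE = "sts.example-cloud.invalid"

# Constructed ID-token claim sets as the cloud provider sees them after the
# cryptographic checks; only the 'sub' claim tells the three jobs apart.
TOKENS = {
    "own_main":   {"iss": ISSUER, "aud": AUDIENCE, "sub": "repo:acme/deploy:ref:refs/heads/main"},
    "own_pr":     {"iss": ISSUER, "aud": AUDIENCE, "sub": "repo:acme/deploy:pull_request"},
    "other_repo": {"iss": ISSUER, "aud": AUDIENCE, "sub": "repo:someone-else/fork:ref:refs/heads/main"},
}

# Weak: trusts issuer and audience only. Every pipeline this CI vendor runs,
# for any of its customers, presents these same two claims.
WEAK_POLICY = {"issuer": ISSUER, "audience": AUDIENCE, "subject_patterns": []}
# Hardened: also pins the subject to one repository and one protected branch.
HARDENED_POLICY = {"issuer": ISSUER, "audience": AUDIENCE,
                   "subject_patterns": ["repo:acme/deploy:ref:refs/heads/main"]}

def evaluate(claims, policy):
    """Decide whether the token may assume the role; returns (allowed, reason)."""
    if claims.get("iss") != policy["issuer"]:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    if policy["audience"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if not policy["subject_patterns"]:
        return True, "allowed: no subject condition"
    sub = claims.get("sub", "")
    for pattern in policy["subject_patterns"]:
        if fnmatchcase(sub, pattern):          # exact match unless the pattern has wildcards
            return True, f"allowed: sub matched {pattern!r}"
    return False, "subject not trusted"

def audit(policy):
    """Flag policy conditions that admit tokens from other tenants or job contexts."""
    findings = []
    if not policy["subject_patterns"]:
        findings.append("no subject condition: any job from this issuer is trusted")
    for pattern in policy["subject_patterns"]:
        if "*" in pattern or "?" in pattern:
            findings.append(f"wildcard subject {pattern!r}: also matches other refs and event contexts")
    return findings

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, {t: evaluate(c, policy)[0] for t, c in TOKENS.items()}, audit(policy))
```

Under the weak policy all three constructed tokens are accepted, including the one from an unrelated repository; the hardened policy accepts only the protected-branch job of the intended repository.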
AI review
This talk promises a deep dive into the critical, evolving attack surface of OIDC in CI/CD pipelines. It moves beyond theoretical discussions to expose concrete misconfigurations on both the user and CI vendor side that can lead to unauthorized cloud access. The technical detail provided in the summary, especially regarding OIDC claims and trust policies, indicates a robust understanding of the subject matter, offering actionable insights for defenders and novel exploitation ideas for researchers.