Post Exploitation > Living off the pipeline
Inventory how development tools (typically CLIs), have lesser-known RCE-By-Design features.
Living Off the Pipeline (LOTP)
Introduction
The idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.
Contributions
We welcome contributions submitted as Pull Requests with new tool contributions or simply Issues for new ideas.
License
Released under Apache 2.0 by @boostsecurityio.
Prior art / Credits
This project is largely inspired from previous projects such as: