Attacking Chef for Red Teams and Pen Testers

Organizations continue to improve their technical capabilities, making the vulnerabilities that we can exploit become increasingly difficult to use to gain access to organizations. As we emulate attackers in our red team operations and penetration testing engagements, we must evolve our techniques. One of the ways we can evolve is to shift to DevOps pipelines to continue to protect the organizations we work for. Chef is one of those tools we, as attackers, can attack not just on a technical level but in people and processes. By abusing the people and process, we, as attackers, can not only further our goals in our engagements but further protect our organizations by exposing weaknesses in those processes. Chef is a popular tool for orchestration management, and attacking Chef can give attackers vast access to the environments that are managed. This presentation will demonstrate how access to Chef can be gained, explore the data contained in Chef, and how we, as attackers, can use Chef to expand our access beyond what vulnerabilities like SQL injection or RCE alone can provide.

Micheal is a Red Team Operator at Disney with a specialty in web applications and DevOps. He holds multiple certifications including OSCP, CRTO, and most recently OSWE. When not working, Micheal spends time with his cat and enjoys playing video games.