
Azure DevOps server supply-chain attack tree (map, Attack surface, threat modeling)

GNU General Public License v3.0 (GPL-3.0)

Azure DevOps Server supply chain attack tree v0.2.0 (! in DEV - important !)

Introduction

This repository contains an attack tree (attack-surface map, threat modeling) for the Azure DevOps Server supply chain. The attack trees in this repository were generated using the Deciduous tool.

Content

  • Introduction;
  • Not considered;
  • Attacker's goals;
  • Attack tree;
  • Useful links.

Not considered

  • Attacks aimed at elevating access rights to previously compromised accounts.

Attacker's goals

I have identified the following possible targets for an attacker:

  • Leak source code (including accidental publication of the code on an Internet resource by a careless developer);
  • Submit malicious code;
  • Modify a release tag to point to a vulnerable commit - the application is then built from the attacker's commit instead of the expected one;
  • Delete malicious code from history (i.e. force push or branch deletion) - evidence clearing;
  • Remove a repository - disrupt the development process;
  • RCE on ADO Server or Build agent -> Lateral movement and other malicious activity -> Submit malicious code.

The attacker's targets in the attack tree are indicated by a purple rounded rectangle.
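
Three of the goals above (a moved release tag, a force push, a deleted branch) are changes to Git refs, so a defender can flag them from ref-update records. The following is an added example, not part of this repository: it assumes records in the `<old> <new> <ref>` form Git passes to its receive hooks, and the commit graph, short commit ids and function names are constructed for illustration.

```python
ZERO = "0" * 40  # Git's all-zero object id marks a ref creation or deletion

# Constructed commit graph (child -> parents); short ids stand in for SHA-1s.
PARENTS = {"c1": [], "c2": ["c1"], "c3": ["c2"], "x1": ["c1"]}

def is_ancestor(old, new, parents):
    """True if `old` is reachable from `new` by following parent links."""
    stack, seen = [new], set()
    while stack:
        commit = stack.pop()
        if commit == old:
            return True
        if commit not in seen:
            seen.add(commit)
            stack.extend(parents.get(commit, []))
    return False

def classify(old, new, ref, parents):
    """Map one ref update to the attacker goal it could serve, if any."""
    is_tag = ref.startswith("refs/tags/")
    if new == ZERO:
        return "tag-deleted" if is_tag else "branch-deleted"
    if old == ZERO:
        return "created"
    if is_tag:
        return "tag-retargeted"      # an existing tag now names another commit
    if not is_ancestor(old, new, parents):
        return "force-push"          # history was rewritten, old tip dropped
    return "fast-forward"

def findings(lines, parents=PARENTS):
    """Return (ref, verdict) for every update that is not routine."""
    out = []
    for line in lines:
        old, new, ref = line.split()
        verdict = classify(old, new, ref, parents)
        if verdict not in ("created", "fast-forward"):
            out.append((ref, verdict))
    return out

# Constructed sample records, oldest first.
SAMPLE = [
    "c2 c3 refs/heads/main",            # normal push
    "c3 x1 refs/heads/main",            # c3 is not an ancestor of x1
    "c2 x1 refs/tags/v1.0",             # release tag moved
    f"c3 {ZERO} refs/heads/feature",    # branch removed
    f"{ZERO} c3 refs/tags/v1.1",        # new tag
]

if __name__ == "__main__":
    for ref, verdict in findings(SAMPLE):
        print(f"{verdict:15} {ref}")
```
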

Attack tree

Azure DevOps Server supply chain attack tree

Useful links