Azure DevOps Server supply-chain attack tree (map, attack surface, threat modeling). The attack trees in this repository were generated with the Deciduous tool.
- Introduction;
- Not considered;
- Attacker's goals;
- Attack tree;
- Useful links.
- Not considered: attacks aimed at elevating the access rights of previously compromised accounts.
I have identified the following possible targets for an attacker:
- Leak source code (or accidental publication of the code on some Internet resource by a careless developer);
- Submit malicious code;
- Modify a release tag to point at a vulnerable commit, so the application is built from the attacker's commit rather than the expected one;
- Delete malicious code from history (e.g. force push or delete a branch) to clear evidence;
- Remove a repository to disrupt the development process;
- RCE on the ADO Server or a build agent -> lateral movement and other malicious activity -> submit malicious code.
Attacker goals in the attack tree are drawn as purple rounded rectangles.
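As an added illustration (not the tree shipped in this repository), the last chain above written in the YAML form that Deciduous consumes; the node keys (`facts`, `attacks`, `mitigations`, `goals`) and `from` edges follow the Deciduous README, while the node identifiers, labels and the mitigations attached to each step are my own assumptions:

```yaml
# Added example, not the repository's own tree. Format assumed from the
# Deciduous README: each node is "id: label" under its type, and `from`
# lists the parent node ids; `reality` is the conventional root fact.
title: Azure DevOps Server - RCE to malicious code (constructed excerpt)

facts:
- reality: Attacker can reach the ADO Server or a build agent over the network

attacks:
- rce_agent: RCE on ADO Server or build agent
  from:
  - reality
- lateral: Lateral movement to other hosts and service accounts
  from:
  - rce_agent
- push_code: Submit malicious code to the repository
  from:
  - lateral

mitigations:
- patching: Keep ADO Server and build agents patched
  from:
  - reality
- agent_isolation: Ephemeral, network-segmented agents with least-privilege tokens
  from:
  - rce_agent
- branch_policy: Branch policies requiring reviewed pull requests, no direct push
  from:
  - lateral
- audit_log: Alert on audit-log events (force push, moved tag, policy bypass)
  from:
  - push_code

goals:
- malicious_code: Malicious code ends up in the release (attacker goal)
  from:
  - push_code
```

Each `mitigations` entry hangs off the attack step it is meant to break, which is how the defender's controls end up on the rendered tree next to the path they cover.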