BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2026//G8LEMY
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-VM3PV8@cfp.nsec.io
DTSTART;TZID=EST:20260514T133000
DTEND;TZID=EST:20260514T140000
DESCRIPTION:For years\, we wrote the defensive manuals. We built the "Livin
 g Off The Pipeline" (LOTP) inventory and released `poutine` to help you fi
 nd the vulns. We even spoke at NorthSec about the theoretical risks of Bui
 ld Pipeline compromise.\n\nWe have bad news: **The Threat Actors were "in 
 the room" taking notes.**\n\nIn early 2025\, we found the "smoking gun." A
  Threat Actor on BreachForums laid out the full attack plan for a 0-day co
 mpromise of a major Open Source project\, giving a direct shout-out to our
  `poutine` scanner and LOTP research as the source. Our defensive work has
  become their offensive playbook.\n\nIn this talk\, we stop playing defens
 e.\n\nIntroducing **SmokedMeat**: The "Metasploit for CI/CD."\n\nOur resea
 rch team has a saying: 2025's Build Pipelines look like the average 2005 P
 HP Web App in terms of secure coding. They are wide open to "pwn requests"
  and command injections that lead to secrets exfiltration or privilege esc
 alation via overprivileged tokens. SmokedMeat is the first Open Source Red
  Team framework designed to commoditize these compromises\, demonstrating 
 exactly what happens when a Threat Actor turns your infrastructure against
  you.\n\nWe will demonstrate a full exploitation chain: pivoting from unpr
 ivileged anonymous access on public repositories to private repository and
  intellectual property theft\, the "gone in 60 seconds" jump from a workfl
 ow runner directly to permanent Cloud Admin\, and the ability to escape ep
 hemeral job contexts to implant permanent backdoors on your build infrastr
 ucture.\n\nThe era of "awareness" is over. This talk is a live demonstrati
 on of why your current CI/CD security strategy is already obsolete.
DTSTAMP:20260507T203514Z
LOCATION:Ville-Marie
SUMMARY:Living Off The Pipeline: Defensive Research\, Weaponized - Françoi
 s Proulx
URL:https://cfp.nsec.io/2026/talk/VM3PV8/
END:VEVENT
END:VCALENDAR