Without a Trace: Supply Chain Attacks in the Terraform Registry

LIVE DEMO of a supply chain attack.

Terraform currently has the largest market share of the IaC tools and is used to manage billions of dollars of enterprise infrastructure. The Terraform Registry allows engineers to use community modules in their configurations.

What few users know is that the Registry has a major security hole, allowing module authors to insert malicious code without the end user being aware. Come to this talk to learn about supply chain attacks and watch Kyle steal his own enterprise credentials through a module on the Terraform Registry. Guaranteed, you will never use it again.

Requires reliable internet during the talk.

Target audience: cloud infrastructure engineers / DevOps.

Kyle Kotowick

Founder & CEO @ Invicton Labs
