LIVE DEMO: Supply Chain Attacks in the Terraform Registry - Kyle Kotowick - NDC Security 2025

This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndc-security.com/ Subscribe to our YouTube channel and learn every day: @NDC Follow our Social Media! https://www.facebook.com/ndcconferences https://twitter.com/NDC_Conferences https://www.instagram.com/ndc_conferences LIVE DEMO of a supply chain attack. Terraform currently has the largest market share of the IaC tools, used to manage billions of dollars of enterprise infrastructure. The Terraform Registry allows engineers to use community modules in their configurations. What few users know is that the Registry has a major security hole, allowing module authors to insert malicious code without the end user being aware. Come to this talk to learn about supply chain attacks and watch Kyle steal his own enterprise credentials through a module on the Terraform Registry. Guaranteed, you will never use it again.