Exploiting CI/CD with Style(lint): LOTP Guide
TL;DR: CI/CD remains a stealthy and soft target for supply chain attacks, especially via linters, formatters, build and test tools. This guide breaks down Living Off the Pipeline (LOTP) techniques, in which attackers exploit CI tools that are already present, without modifying the workflow itself, using config files, plugins, and environment variables instead.
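A defender-side check for the pattern summarized above, added here as an example and not taken from the original guide: it flags change sets that alter linter or formatter configuration while leaving workflow files untouched, which a review gate keyed only on workflow changes would miss. The config file patterns, the `.github/workflows/` prefix, the function names and the sample change set are assumptions chosen for illustration and are not exhaustive.

```python
import fnmatch
import posixpath

# Assumed, non-exhaustive map of tools to config files they read from the
# checked-out tree. These files can name plugins or other code to load.
TOOL_CONFIG_PATTERNS = {
    "stylelint": [".stylelintrc", ".stylelintrc.*", "stylelint.config.*"],
    "eslint": [".eslintrc", ".eslintrc.*", "eslint.config.*"],
    "prettier": [".prettierrc", ".prettierrc.*", "prettier.config.*"],
    "npm": [".npmrc", "package.json"],
}

# Assumed workflow location (GitHub Actions layout).
WORKFLOW_PREFIXES = (".github/workflows/",)


def lotp_findings(changed_paths):
    """Return (tool, path) pairs for changed files that configure a CI tool."""
    findings = []
    for path in changed_paths:
        norm = posixpath.normpath(path)
        base = posixpath.basename(norm)
        for tool, patterns in TOOL_CONFIG_PATTERNS.items():
            if any(fnmatch.fnmatchcase(base, p) for p in patterns):
                findings.append((tool, norm))
                break
    return findings


def workflow_touched(changed_paths):
    """True if any changed file lives under a workflow directory."""
    return any(
        posixpath.normpath(p).startswith(WORKFLOW_PREFIXES) for p in changed_paths
    )


def blind_spot(changed_paths):
    """True when tool config changed but no workflow file did, so a gate
    that only reviews workflow edits would let the change run unreviewed."""
    return bool(lotp_findings(changed_paths)) and not workflow_touched(changed_paths)


# Constructed sample change set from a hypothetical untrusted pull request.
SAMPLE_PR = ["src/app.css", "./.stylelintrc.json", "packages/ui/eslint.config.js"]

if __name__ == "__main__":
    for tool, path in lotp_findings(SAMPLE_PR):
        print(f"review required: {path} configures {tool}")
    print("missed by workflow-only review:", blind_spot(SAMPLE_PR))
```
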