This article discusses compromising shared CI/CD runner infrastructure, and how an attacker can escalate their privileges from basic source-repository access to compromising the environments the wider system is deploying.