GitHub Codespaces provides an instant cloud-based development environment, allowing you to spin up a fully configured VS Code workspace. Everything runs in a container, and you get a familiar environment right in the browser or your local editor.

It comes with a unique risk — especially from a red team perspective. If you're targeting an organization that relies on Codespaces, you might have a subtle and persistent foothold sitting right under their nose.

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.

Under the hood these environments are built from Docker containers defined in the project’s repository, typically using a .devcontainer/devcontainer.json file. With this configuration file, developers can set up everything from runtime versions to VS Code extensions — and more importantly, automate scripts that run every time a new Codespace is created.

At the core of this attack is the postCreateCommand property in the .devcontainer/devcontainer.json file. This command executes automatically after the container is built and ready. It’s commonly used to install project dependencies or set up tooling — but it can just as easily run malicious commands, install backdoors, or exfiltrate secrets. If an attacker can modify this configuration file in a repository that supports Codespaces, they can establish persistent, cloud-hosted access without ever touching the developer’s physical machine.

This kind of attack surface is especially interesting because it leverages the developer’s own environment against them. Developers typically trust their Codespaces — after all, it’s “just the dev environment” — and may not think twice about the commands running in the background. But because Codespaces can access repository secrets, environment variables, cloud tokens, and even production infrastructure (via CI/CD integrations or deploy scripts), the impact can be far-reaching.

Here’s a simple lab you can use to see this attack in action. Do try it out.

Red Team Notes
GitHub Codespaces lets developers spin up cloud-based dev environments using .devcontainer configs. These configs can include postCreateCommand — a script that runs automatically after setup. A red team operator with write access to a repo can abuse this by adding a silent postCreateCommand that exfiltrates environment variables, installs a backdoor, or runs arbitrary code. 

Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.