
Posting this using a throwaway as I don't want to be associated with this one.

I did a demonstrator a couple of years ago of why we should be using 2FA for everything. We added a single binary to the post-build event in Visual Studio and checked it and the binary into the VCS. The binary grabbed the person who did the build's Chrome password database and used PowerShell to POST it to a private address. Then we chucked it through some shareware that reads the file and mailed the password back to the engineer we were demonstrating it to.

It's pretty easy to backdoor a machine without even having console access.

Be careful people.
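
Added example, not part of the comment above: a review-time check that lists every command a Visual Studio / MSBuild project file will run during a build, and which of them a change introduced, so a new post-build step cannot slip through a commit unread. The project XML, the `helper.exe` name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements whose text MSBuild / Visual Studio runs as a command during a build.
EVENT_TAGS = {"PreBuildEvent", "PreLinkEvent", "PostBuildEvent"}

def _local(tag):
    """Strip the XML namespace that old-style project files carry."""
    return tag.rsplit("}", 1)[-1]

def build_commands(project_xml):
    """Return (kind, command) for every command the project runs at build time."""
    found = []
    for el in ET.fromstring(project_xml).iter():
        name = _local(el.tag)
        if name in EVENT_TAGS:
            # C#/VB projects put the command in the element text;
            # C++ projects nest it in a <Command> child.
            texts = [el.text] + [c.text for c in el if _local(c.tag) == "Command"]
            found += [(name, t.strip()) for t in texts if t and t.strip()]
        elif name == "Exec" and el.get("Command", "").strip():
            found.append(("Exec", el.get("Command").strip()))
    return found

def new_commands(old_xml, new_xml):
    """Commands present after a change but not before: what a reviewer must read."""
    before = set(build_commands(old_xml))
    return [c for c in build_commands(new_xml) if c not in before]

# Constructed sample: a project file before and after a commit.
OLD_CSPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup><OutputType>Exe</OutputType></PropertyGroup>
</Project>"""

NEW_CSPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <PostBuildEvent>"$(ProjectDir)tools\helper.exe"</PostBuildEvent>
  </PropertyGroup>
  <Target Name="AfterBuildStep" AfterTargets="Build">
    <Exec Command="echo done" />
  </Target>
</Project>"""

if __name__ == "__main__":
    for kind, cmd in new_commands(OLD_CSPROJ, NEW_CSPROJ):
        print(f"REVIEW {kind}: {cmd}")
```

Run in CI against the base and head versions of each changed `.csproj`, `.vbproj` or `.vcxproj`, a non-empty result is a reason to require a second reviewer before the change is built on anyone's machine.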


