DEF CON 31 - The GitHub Actions Worm - Asi Greenholts | allinfosecnews.com

Sept. 17, 2023, 12:42 a.m. | DEFCONConference

DEFCONConference www.youtube.com

GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.

In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.

We will start by exploring the ways in which Actions …

actions attacker attackers con def def con def con 31 ecosystem github github actions host open source platform popular projects rising target worm

More from www.youtube.com / DEFCONConference

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker 2 months ago | www.youtube.com

con def def con def con 31 +5

DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang 8 months, 2 weeks ago | www.youtube.com

clouds con conflict culture +20

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 8 months, 2 weeks ago | www.youtube.com

abusing active directory authority con +19

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 8 months, 2 weeks ago | www.youtube.com

atm atms code code execution +20

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts 8 months, 2 weeks ago | www.youtube.com

actions attacker attackers con +14

DEF CON 31 - Defeating VPN Always On - Maxime Clementz 8 months, 2 weeks ago | www.youtube.com

access always on attack attack surface +22

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 8 months, 2 weeks ago | www.youtube.com

automotive automotive industry car car hacking +17

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 8 months, 2 weeks ago | www.youtube.com

analysis con def def con +17

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded … 8 months, 2 weeks ago | www.youtube.com

abusing automotive bus can bus +18

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com