all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts

Add to bookmarks
Sept. 17, 2023, 12:42 a.m. | DEFCONConference

DEFCONConference www.youtube.com

GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.

In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.

We will start by exploring the ways in which Actions …

actions attacker attackers con def def con def con 31 ecosystem github github actions host open source platform popular projects rising target worm

Visit resource

More from www.youtube.com / DEFCONConference

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater 1 week ago | www.youtube.com
analysis con cryptography def +17
DEF CON 31 - Breaking BMC The Forgotten Key to the Kingdom - Alex Tereshkin, … 1 week ago | www.youtube.com
access adam alex baseboard management controller +19
DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer … 1 week ago | www.youtube.com
con cost def def con +18
DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 1 week ago | www.youtube.com
analysis con def def con +17
DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan … 1 week ago | www.youtube.com
boston byt3bl33d3r city con +19
DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 1 week ago | www.youtube.com
automotive automotive industry car car hacking +17
DEF CON 31 - Staying Undetected Using the Windows Container Isolation Framework - Daniel Avinoam 1 week ago | www.youtube.com
called cases con container +21
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 1 week ago | www.youtube.com
abusing active directory authority con +19
DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 1 week ago | www.youtube.com
atm atms code code execution +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Business Information Security Officer

@ Metrolink | Los Angeles, CA
View on infosec-jobs.com

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City
View on infosec-jobs.com

Security Engineer

@ ChartMogul | Remote, EU
View on infosec-jobs.com

Senior Threat Engineer

@ Zscaler | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Information Security Communication Specialist

@ MicroStrategy | Mumbai, India
View on infosec-jobs.com

Principal Software Engineer (Network Security - SASE)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com
View more jobs