DEF CON 31 - The GitHub Actions Worm - Asi Greenholts | allinfosecnews.com

Sept. 17, 2023, 12:42 a.m. | DEFCONConference

DEFCONConference www.youtube.com

GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.

In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.

We will start by exploring the ways in which Actions …

actions attacker attackers con def def con def con 31 ecosystem github github actions host open source platform popular projects rising target worm

More from www.youtube.com / DEFCONConference

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker 3 weeks, 5 days ago | www.youtube.com

con def def con def con 31 +5

DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang 7 months, 1 week ago | www.youtube.com

clouds con conflict culture +20

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 7 months, 1 week ago | www.youtube.com

abusing active directory authority con +19

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 7 months, 1 week ago | www.youtube.com

atm atms code code execution +20

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts 7 months, 1 week ago | www.youtube.com

actions attacker attackers con +14

DEF CON 31 - Defeating VPN Always On - Maxime Clementz 7 months, 1 week ago | www.youtube.com

access always on attack attack surface +22

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 7 months, 1 week ago | www.youtube.com

automotive automotive industry car car hacking +17

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 7 months, 1 week ago | www.youtube.com

analysis con def def con +17

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded … 7 months, 1 week ago | www.youtube.com

abusing automotive bus can bus +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States

View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India

View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone

View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA

View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com