Abusing GitHub for Fun and Profit - Actions and Codespaces Security

Abusing GitHub for Fun and Profit - Actions and Codespaces Security

NDC Conferences via YouTube Direct link

Attacker's Dev-Container Config

4 of 17

4 of 17

Attacker's Dev-Container Config

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Abusing GitHub for Fun and Profit - Actions and Codespaces Security

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Infection Chain of GitHub/Netlify Abuse
  3. 3 Automate w/ Dev-Containers & GitHub CLI
  4. 4 Attacker's Dev-Container Config
  5. 5 Malware Abusing Codespaces
  6. 6 Actions Overview
  7. 7 GHA Marketplace
  8. 8 Abusing Windows Runners pt 2
  9. 9 List of repos with the SAME code!
  10. 10 Abusing Linux Runners
  11. 11 Abusing macOS Runners
  12. 12 Run nmap inside the Azure network
  13. 13 Reverse shell from the Runner
  14. 14 Pivot attacks using Runners
  15. 15 Malicious GitHub Actions
  16. 16 GHA Countermeasures
  17. 17 Codespaces Recommendations

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.