Overview
Watch a DEF CON 31 conference talk exploring security vulnerabilities in GitHub Actions and the potential for malicious code propagation. Learn how attackers can exploit the custom GitHub Actions ecosystem by creating dependency trees and leveraging loose dependencies between actions. Discover the internal workings of the GitHub Actions Runner and understand how compromised actions can spread malicious code to dependent projects. Follow along with a proof-of-concept demonstration of a worm spreading through GitHub Actions, and gain insights into defensive strategies against such attacks. Come away with a better understanding of how to protect CI/CD pipelines and of the risks associated with third-party actions on the GitHub platform.
Syllabus
DEF CON 31 - The GitHub Actions Worm - Asi Greenholts
Taught by
DEFCONConference