The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities

Watch a DEF CON 31 conference talk exploring the security vulnerabilities in GitHub Actions and the potential for malicious code propagation. Learn how attackers can exploit the Custom GitHub Actions ecosystem by creating dependency trees and leveraging loose dependencies between actions. Discover the internal workings of GitHub Actions Runner and understand how compromised actions can spread malicious code to dependent projects. Follow along with a proof-of-concept demonstration of a worm spreading through GitHub Actions, and gain insights into defensive strategies against such attacks. Gain valuable cybersecurity knowledge about protecting CI/CD pipelines and understanding the risks associated with third-party actions in the popular GitHub platform.