Overview
Explore the potential security vulnerabilities in GitHub Actions, a popular CI/CD feature, through this comprehensive conference talk. Dive into known and unknown attack techniques, including newly discovered vectors such as "Malicious Custom Action" and "GitHub Actions C2". Examine code explanations and live demonstrations of these attacks, and gain insights into threats like "Free Jacking", "Malicious Public PR&Fork", and "Theft of Secret". Learn how researchers systematize these attacks based on GitHub's features and threat levels. Understand the broader implications for other CI/CD services with similar features, and discover how this research contributes to enhancing overall security in the CI/CD landscape. Presented by Yusuke Kubo and Kiyohito Yamamoto, this talk also touches on their collaboration with GitHub for responsible disclosure and countermeasure development.
Syllabus
BG - The Dark Playground of CI/CD: Attack Delivery by GitHub Actions
Taught by
BSidesLV