Self-Hosted GitHub CI/CD Runners - Understanding Pipeline Security and Attack Prevention

Black Hat via YouTube

Overview

Learn about critical security vulnerabilities in self-hosted CI/CD runners through this 40-minute Black Hat conference presentation. Explore how configuration errors in GitHub Actions and self-hosted build agents can expose organizations to high-impact supply chain attacks. Discover real-world examples of CI/CD vulnerabilities found in major platforms like GitHub, PyTorch, Microsoft, and TensorFlow. Examine how attackers can exploit poisoned pipelines to compromise non-ephemeral runners, escalate privileges, and steal repository secrets. Understand the potential impact of these attacks, which can lead to malicious code injection in application releases similar to the SolarWinds breach. Gain insights into preventing CI/CD vulnerabilities through proper security understanding and configuration of self-hosted runners. Security researchers Adnan Khan and John Stawinski share their findings from twelve months of research into GitHub Actions exploitation and post-exploitation techniques.

Syllabus

Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction

Taught by

Black Hat
