Overview
Learn about critical security vulnerabilities in self-hosted CI/CD runners through this 40-minute Black Hat conference presentation. Explore how configuration errors in GitHub Actions and self-hosted build agents can expose organizations to high-impact supply chain attacks. Discover real-world examples of CI/CD vulnerabilities found in major platforms like GitHub, PyTorch, Microsoft, and TensorFlow. Examine how attackers can exploit poisoned pipelines to compromise non-ephemeral runners, escalate privileges, and steal repository secrets. Understand the potential impact of these attacks, which can lead to malicious code injection in application releases similar to the SolarWinds breach. Gain insights into preventing CI/CD vulnerabilities through proper security understanding and configuration of self-hosted runners. Security researchers Adnan Khan and John Stawinski share their findings from twelve months of research into GitHub Actions exploitation and post-exploitation techniques.
Syllabus
Self-Hosted GitHub CI/CD Runners: Continuous Integration, Continuous Destruction
Taught by
Black Hat