Asi Greenholts (@TupleType)
Followers 184 · Following 453 · Media 5 · Statuses 43
Concentrated AppSec juice • Security Researcher @PaloAltoNtwks
Joined September 2021
🚨 We know the real target behind the attack on tj-actions/changed-files: Coinbase! The first publicly known exploitation of the technique I presented at DEFCON 31: The GitHub Action Worm. Read the full story: https://t.co/IP6gdeoel5 By @omer_gil @yaronavital @_0xffd and me
unit42.paloaltonetworks.com
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. A compromise of the GitHub action...
New research our team released today, showing how we could push code to highly popular open source projects maintained by Google, AWS, Microsoft, & Red Hat, through a race condition in GitHub Actions. Go hunt critical #bugbounty issues ;) by @yaronavital
https://t.co/ATvTfexwdv
This Saturday I will be speaking at #DefCon32 about OIDC misconfigurations and abuses in the context of CI/CD 🥴👹. Come check it out! https://t.co/moaaqw1rDU
@PaloAltoNtwks
#OIDC #oauth2 #ci #cd
Two great talks delivered in Vegas this year by our team - again! In this year’s hacker summer camp in LV, our Research team will stand on the @defcon & @BSidesLV stages again, to share two novel research projects we’ve been working on recently: #HackerSummerCamp #defcon32
Thank you @HoffmanYaniv for inviting me to discuss CI/CD security and my "Awesome CI/CD Attacks" project. We explored challenges, solutions, and key insights in this critical area of cybersecurity. https://t.co/p3OK2Vs0K0
Right now on stage @TupleType with “The GitHub Actions Worm: Compromising GitHub repositories through the actions dependency tree”! Join live: https://t.co/Nu9BLR02r6
📚 tl;dr sec 234 🗡️ Awesome CI/CD Attacks @TupleType 🤖 STRIDE GPT ☁️ Non Production AWS Attack Surface @Frichette_n 🛡️ Secure defaults @ramimacisabird 🛠️ WAF bypass tool @infosec_au 💻 Hacking millions of routers @samwcyo
https://t.co/pg2TR8tNLK
tldrsec.com
Practical resources for offensive CI/CD research, AI threat modeling tool, bypassing CloudTrail through non-prod endpoints
I'll be speaking at @BsidesTLV !!! Join my session about a novel supply chain attack technique abusing @github Actions intended behavior to spread a worm 🪱. https://t.co/JC9edpaa32
What do you think is an important routine for a Security Researcher? I think it is reading Cyber news daily. Here are the most unique and high quality resources I've found about CI/CD attacks in the past 3 years: https://t.co/xrE6hN1lBd Thanks @omer_gil for the review!
github.com
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. - TupleType/awesome-cicd-attacks
Hi @BlackHatEvents - I was shocked to discover that one of your Cyber Security Trainers and Review Board Members is also an antisemite, a terror supporter who publicly denies Hamas terror acts. Please remove @Voulnet from his role immediately!
How can a worm 🪱 be used to compromise @github repositories at scale through the Actions dependency tree 🌲? The blog details one public disclosure out of many reported to #bugbounty programs. This was first revealed at @defcon 31 and @BSidesLV.
https://t.co/MKEaetYtSr
paloaltonetworks.com
GitHub Actions worm compromises GitHub repositories via action dependencies in a novel attack vector allowing attackers to distribute malware across repositories, research shows.
The GitHub Actions Worm: Compromising GitHub repositories through the actions dependency tree! 🕜 Sat 1:30 pm PT, Track 3 at @defcon 📺 Watch live here: https://t.co/fj1Amkf08f
twitch.tv
DCTV Channel 3 - Streaming DEFCON Track 3 talks to you from DEFCON 33.
Highly inspired by our @owasp Top 10 CI/CD Security Risks project, cool:)
Keep malicious actors out of your pipeline! Follow the NSA and CISA recommended guidance to defend against CI/CD pipeline compromise. https://t.co/uTA4mP9u0v
My submission got accepted to @BSidesLV!! Join me at the underground track 🤫 where I'll talk about: The GitHub Actions Worm: Compromising GitHub repositories through the action dependency tree 🌳
If you're going to @RSAConference this year and you want to see a new attack method, come see @omer_gil and myself talk about: Abuse of Repository Webhooks to Access Hundreds of Internal CI systems. https://t.co/Kpu27BehGX
rsaconference.com
Check out my new blog "How to secure your Open Source Project – A quick guide for developers" with examples for @github 🥳 https://t.co/m1N66CmZkM
🔥 The CI/CD Goat 🐐 just got wilder 🔥 Beat our new challenge and win a Gaming Keyboard!!! Thanks to @yaronavital and @omer_gil for co-writing the challenge!