Sort by:  

Conference:  Defcon 31
Authors: Asi Greenholts Security Researcher at Palo Alto Networks

GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers. In this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm. We will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of. We will then dive down to how GitHub Actions is working under the hood and I’ll show you how an attacker that is in control of an Action can utilize the mechanism of the GitHub Actions Runner to infect other Actions that are dependent on their Action and eventually infect the targeted project. Finally, after we’ve gained all of the theoretical knowledge I’ll show you a demo with POC malware that is spreading through Actions and we will talk on how to defend against this kind of attack.
Authors: Jose Donizetti

tldr - powered by Generative AI

The presentation discusses the use of Tracy, a tool for tracing and profiling software executions, to detect and prevent supply chain attacks in DevOps workflows.
  • Tracy is a tool for tracing and profiling software executions in DevOps workflows
  • The tool can be used to detect and prevent supply chain attacks
  • Tracy uses denial and allow lists to identify good and bad activity
  • The tool extends profiles to include user ID, arguments, and environment variables
  • Tracy can ignore certain system and environment variables to ensure consistency
  • The tool uses syscall to collect information on executed binaries
  • An anecdote is provided to illustrate how Tracy can detect a supply chain attack
Authors: Stephen Giguere

tldr - powered by Generative AI

The presentation discusses the security challenges faced by open source projects and GitOps workflows, particularly in relation to GitHub Actions workflows. The speaker demonstrates potential abuses and vulnerabilities in GitHub Actions workflows and highlights the importance of implementing best practices to protect against attacks.
  • Open source projects and GitOps workflows are vulnerable to security threats
  • GitHub Actions workflows can be abused by malicious actors to gain access to sensitive information
  • Best practices, such as implementing environmental protection and short-lived tokens, can help protect against attacks