BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: The Dark Playground of CI/CD: Attack Delivery by Git Hub\n Actions\n When: Friday\, Aug 11\, 13:15 - 13:59 PDT\n Where: F lamingo - Savoy - AppSec Village - Main Stage - [1]Map\n Speakers:Kiyohi to Yamamoto\,Yusuke Kubo\n\n SpeakerBio:Kiyohito Yamamoto \, Security En gineer at NTT Communications\n Kiyohito Yamamoto works as an Security En gineer at NTT Communications\,\n Japanese Telecommunication Company\, an d is also NTT Group Certified\n Security Principal. He served as a Senio r Response Expert during the\n Tokyo Olympics and also conducted TLPT te sts.\n\n SpeakerBio:Yusuke Kubo \, Offensive Security Researcher at NTT\ n Communications\n Yusuke Kubo works as an Offensive Security Research er at NTT\n Communications\, Japanese Telecommunication Company\, and is also NTT\n Group Certified Security Principal. His responsibilities inc lude\n researching attack techniques and providing RedTeam for internal. And\n he contributed to MITRE ATT&CK regarding Safe Mode Boot(T1562.009 ).\n\n Description:\n We are investigating new attack vectors regardin g a CICD service\n called Github Actions. Through an analysis of GitHub Actions behavior\n on Windows\, our research has discovered two attack t echniques\n\n ・Malicious Custom Action\n  It is an attack techniqu e to execute arbitrary TTPs from custom\n actions. Introduce two types\, “Malicious JScript Composite Action”\n and “Malicious JavaScript Custom Action”.\n\n ・GitHub Actions C2\n  We will demonstrate a new C2 framework using self-hosted runner in\n GitHub Actions\n\n In t his presentation\, we will provide a detailed explanation of these\n att ack techniques\, along with PoC code and demonstrations. We will\n also discuss real-world threats and provide insight on detection and\n mitiga tion strategies.\n\n '\n\n 1. #FlamingoThirdFloor\n\n\n DTEND:20230811T205900Z DTSTART:20230811T201500Z LOCATION:APV - Flamingo - Savoy - AppSec Village - Main Stage SUMMARY:The Dark Playground of CI/CD: Attack Delivery by GitHub Actions END:VEVENT END:VCALENDAR