BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: The GitHub Actions Worm: Compromising GitHub reposit
 ories\n   through the Actions dependency tree\n   When: Saturday\, Aug 12\
 , 13:30 - 14:15 PDT\n   Where: Caesars Forum - Forum - 130-134 - Track 3 -
  [1]Map\n\n   SpeakerBio:Asi Greenholts \, Security Researcher at Palo Alt
 o Networks\n   Asi has 8 years of experience in the security field\, inclu
 ding\n   security architecture\, SOC management\, incident response\, and\
 n   application security research. Asi has gained his experience working\n
    for major organizations in the financial and government sectors.\n   To
 day\, Asi is a security researcher that focuses on revolutionizing\n   CI/
 CD security at Palo Alto Networks. During his free time\, Asi likes\n   to
  read\, invest in the stock market and to snowboard.\n   Twitter: [2]@@Tup
 leType\n\n   Description:\n   GitHub is the most popular platform to host 
 Open Source projects\n   therefore\, the popularity of their CI/CD platfor
 m - GitHub Actions is\n   rising\, which makes it an attractive target for
  attackers.\n\n   In this talk I’ll show you how an attacker can take ad
 vantage of the\n   Custom GitHub Actions ecosystem by infecting one Action
  to spread\n   malicious code to other Actions and projects by showing you
  a demo of\n   POC worm.\n\n   We will start by exploring the ways in whic
 h Actions are loosely and\n   implicitly dependent on other Actions. This 
 will allow us to create a\n   dependency tree of Actions that starts from 
 a project that we want to\n   attack and hopefully ends in a vulnerable Ac
 tion that we can take\n   control of.\n\n   We will then dive down to how 
 GitHub Actions is working under the hood\n   and I’ll show you how an at
 tacker that is in control of an Action\n   can utilize the mechanism of th
 e GitHub Actions Runner to infect other\n   Actions that are dependent on 
 their Action and eventually infect the\n   targeted project.\n\n   Finally
 \, after we’ve gained all of the theoretical knowledge I’ll\n   show y
 ou a demo with POC malware that is spreading through Actions and\n   we wi
 ll talk on how to defend against this kind of attack.\n\n   REFERENCES\n  
        [3]https://karimrahal.com/2023/01/05/github-actions-leaking-secrets
 /\n\n   '\n\n   1. #CaesarsForumBR\n   2. https://twitter.com/@TupleType\n
    3. https://karimrahal.com/2023/01/05/github-actions-leaking-secrets/\n\
 n\n
DTEND:20230812T211500Z
DTSTART:20230812T203000Z
LOCATION:DC - Caesars Forum - Forum - 130-134 - Track 3
SUMMARY:The GitHub Actions Worm: Compromising GitHub repositories through t
 he Actions dependency tree
END:VEVENT
END:VCALENDAR
