Skip to content

Commit

Permalink
Merge pull request #51 from kitctf/add/github-insecure-actions-talk
Browse files Browse the repository at this point in the history
Add insecure GitHub Actions talk
  • Loading branch information
intrigus-lgtm authored Nov 2, 2023
2 parents 898f7da + 2beb58b commit 353a922
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions _posts/2023-11-02-insecure-github-actions.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
layout: post
title: "Talk: Insecure GitHub Actions"
categories: learning
author: intrigus
---

You know GitHub Actions, these small building blocks that make your dev life easier… But they can also get you pwned in no time, if you are not careful.

The talk covers:
* the basic structure of a GitHub Actions workflow.
* the general permission model of GitHub Actions.
* insecure templating and executing user-controlled code in privileged workflows.
* cache poisoning in workflows.

The slides can be found [here](/talks/2023-10-26-insecure-github-actions/insecure-github-actions.pdf). The workshop was held on 2023-10-26.
Binary file not shown.

0 comments on commit 353a922

Please sign in to comment.