TALK
GitHub Actions: Protecting your CI from attackers
Summary:
This talk plans to demonstrate how GitHub Actions work and show security measures to protect your Actions from misuse by attackers. First, we’ll do a deep dive into the Runners, the servers provided by GitHub to run your Actions, and the risks of using them. Then, we’ll show how attackers can leverage these runners to mine cryptocurrencies, pivot into other targets, and more. Lastly, we’ll demonstrate how to maliciously distribute backdoors into different repositories via the GitHub Actions Marketplace.
Presenter:
Magno Logan
Magno Logan works as an Information Security Specialist for the Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container, and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among other topics. He has been tapped as a resource speaker for numerous security conferences around the globe, including in Canada, the USA, Portugal, and Brazil. He is also the founder of JampaSec and a member of the CNCF Security TAG team.