GitHub Actions exploitation: new bad practices

By Miguel Alonso Lopez Abarca

Elevator Pitch

GitHub Actions is a powerful tool, but poor configuration can turn it into a critical attack vector. In this talk, we’ll explore how common mistakes allow malicious code execution, credential leaks, and privilege escalation.

Description

CI/CD pipelines speed up development, but what happens when they also speed up attacks?

GitHub Actions is a powerful tool, but poor configuration can turn it into a critical attack vector. In this talk, we’ll explore how common mistakes allow malicious code execution, credential leaks, and privilege escalation.

We’ll dive into real-world exploitation cases, advanced attacker techniques, and, most importantly, how to secure your pipeline before it’s too late.

If you think your CI/CD is secure, this talk will make you question it. And if it's not… better to find out before an attacker does.