YoVDO

Racing for Hidden Treasures in Public GitHub Repositories - Exploiting Build Artifacts

Offered By: BSidesLV via YouTube

Tags

GitHub Courses Cybersecurity Courses GitHub Actions Courses Cloud Services Courses Exploit Development Courses Access Tokens Courses Vulnerability Research Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a novel attack vector in open-source projects using GitHub Actions in this 19-minute conference talk from BSidesLV. Discover how leaked access tokens hidden within build artifacts can be exploited to gain control over open-source projects. Learn about the challenges of racing against time to utilize ephemeral tokens before they expire, and see real-world examples of breached popular open-source projects and those maintained by high-profile organizations. Gain insights into unearthing sensitive data in build artifacts, crafting high-speed exploits, and executing swift attacks using these techniques.

Syllabus

Common Ground, Tue, Aug 6, 17:00 - Tue, Aug 6, CDT


Taught by

BSidesLV

Related Courses

How to Protect APIs Using the Microsoft Identity Platform
Microsoft via YouTube
Tokenisation and Encryption in Digital Payments, FinTech
Udemy
Authenticate Users with FastAPI and Token Authentication
Linode via YouTube
JWT Authentication - Persist Login State on Refresh - MERN Stack
Dave Gray via YouTube
React Login Authentication with JWT Access, Refresh Tokens, Cookies and Axios
Dave Gray via YouTube