Racing for Hidden Treasures in Public GitHub Repositories - Exploiting Build Artifacts
Offered By: BSidesLV via YouTube
Course Description
Overview
Explore a novel attack vector in open-source projects using GitHub Actions in this 19-minute conference talk from BSidesLV. Discover how leaked access tokens hidden within build artifacts can be exploited to gain control over open-source projects. Learn about the challenges of racing against time to utilize ephemeral tokens before they expire, and see real-world examples of breached popular open-source projects and those maintained by high-profile organizations. Gain insights into unearthing sensitive data in build artifacts, crafting high-speed exploits, and executing swift attacks using these techniques.
Syllabus
Common Ground, Tue, Aug 6, 17:00 - Tue, Aug 6, CDT
Taught by
BSidesLV
Related Courses
How to Protect APIs Using the Microsoft Identity PlatformMicrosoft via YouTube Tokenisation and Encryption in Digital Payments, FinTech
Udemy Authenticate Users with FastAPI and Token Authentication
Linode via YouTube JWT Authentication - Persist Login State on Refresh - MERN Stack
Dave Gray via YouTube React Login Authentication with JWT Access, Refresh Tokens, Cookies and Axios
Dave Gray via YouTube