The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree

Presented at BSidesLV 2023, Aug. 8, 2023, 4 p.m. (45 minutes)

How wide can a GitHub Actions worm spread? In this talk, I'll demonstrate how a worm can crawl through actions and projects, infecting them with malware. We will explore the ways in which actions are loosely and implicitly dependent on other actions, and build a graph-based dependency tree for GitHub Actions. This map sets the path for our worm as it searches for a way to infect as many action dependencies, and to target as many GitHub projects, as possible. Join this talk to learn about the methods our worm uses to make its way to other actions, to get familiar with the high-profile open source projects we could hijack, and to see the worm in action in a demo.
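The dependency map the abstract describes can also be built defensively, to measure how far a compromised action would propagate. The following is an added example, not code from the talk: it extracts `uses:` references from constructed, hypothetical workflow and composite-action manifests with a regex (to stay dependency-free rather than using a YAML parser), records whether each reference is a mutable tag/branch or a full commit SHA, and walks the reverse graph to compute the blast radius of one compromised action.

```python
import re
from collections import defaultdict

# Constructed sample manifests keyed by the action/workflow that owns them.
# All repository names here are hypothetical placeholders, not real actions.
SAMPLE_MANIFESTS = {
    "org/ci-workflow": """
    steps:
      - uses: actions/checkout@v4
      - uses: example/setup-tool@v1
    """,
    "example/setup-tool": """
      steps:
        - uses: example/cache-helper@main
        - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
    """,
    "example/cache-helper": """
      steps:
        - uses: example/leaf@v2
    """,
}
# Matches `uses: owner/repo[/subpath]@ref`; local (./) and docker:// uses are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*[\"']?([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@([^\s\"']+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # only a full commit SHA is an immutable pin

def parse_uses(manifest: str):
    """Return (action, ref) pairs for every remote action a manifest consumes."""
    return [(m.group(1), m.group(2)) for m in USES_RE.finditer(manifest)]

def build_graph(manifests):
    """Edge consumer -> (dependency, ref, mutable) for every uses: line."""
    graph = defaultdict(list)
    for consumer, text in manifests.items():
        for dep, ref in parse_uses(text):
            graph[consumer].append((dep, ref, SHA_RE.match(ref) is None))
    return graph

def blast_radius(graph, compromised):
    """Consumers that would transitively pull a malicious new commit of `compromised`.
    Only mutable refs (tags, branches) propagate; a SHA pin stops the walk."""
    consumers = defaultdict(set)
    for consumer, deps in graph.items():
        for dep, _ref, mutable in deps:
            if mutable:
                consumers[dep].add(consumer)
    affected, stack = set(), [compromised]
    while stack:
        for c in consumers[stack.pop()] - affected:
            affected.add(c)
            stack.append(c)
    return affected
```

In the sample, a compromise of `example/leaf` reaches the top-level workflow through three tag/branch references, while `example/setup-tool`'s SHA-pinned checkout does not propagate a compromise of `actions/checkout`.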

Presenters:

  • Asaf Greenholts
    Asi has 7 years of experience in the security field, including security architecture, SOC management, incident response, and application security research. Asi has gained his experience working for major organizations in the financial and government sectors. Today, Asi is a security researcher who focuses on revolutionizing CI/CD security at Palo Alto Networks. During his free time, Asi likes to read, invest in the stock market, and snowboard.