Adnan Khan

Adnan is a Red Team Security Engineer and researcher who has recently been focusing on supply chain and CI/CD attacks. He has identified, demonstrated, and reported vulnerabilities impacting GitHub repositories belonging to organizations like Microsoft, Nvidia, GitHub, Google, and more. Additionally, he has spoken at conferences such as ShmooCon 2023 and BSides SF 2023 on the topic of GitHub Actions security.

Presentations:

• 2024-08-10 12:00 - DEF CON 32 (2024) - Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale
• 2023-01-21 14:00 - ShmooCon 2023 - Phantom of the Pipeline — Abusing Self-Hosted CI/CD Runners

Copresenters:

• John Stawinski
  • 2024-08-10 12:00 - DEF CON 32 (2024) - Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale
• Mason Davis
  • 2023-01-21 14:00 - ShmooCon 2023 - Phantom of the Pipeline — Abusing Self-Hosted CI/CD Runners
• Matt Jackoski
  • 2023-01-21 14:00 - ShmooCon 2023 - Phantom of the Pipeline — Abusing Self-Hosted CI/CD Runners