Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a…| Adnan Khan's Blog
Preface Let’s think for a moment what a nightmare supply chain attack could be. An attack that would be so impactful that it could be chained to target almost every company in the world. For an attacker to carry out such an attack they would need to insert themselves into a component fundamental to building the largest open-source software projects on the Internet. What would an attacker need to target in order to carry out this attack? Cloud infrastructure would certainly qualify. What abo...| Adnan Khan's Blog
Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain tota…| John Stawinski IV
Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platform…| John Stawinski IV
Technical requirements to reach each level.| SLSA
