North Korea's Lazarus hacker group compromised the Safe wallet frontend and pulled off a 1.4 billion dollar heist. It could happen again, but this time through GitHub. | Adnan Khan
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware” that exploits GitHub Actions cache misconfigurations. | Adnan Khan's Blog
In this post, I cover how I discovered a CI/CD misconfiguration in the Release Drafter GitHub action and demonstrated how it could have directly impacted a Google-owned open-source repository (and many more!) that used it by tag instead of SHA. | Adnan Khan's Blog
In just over a week, I’ll be speaking at Black Hat 2024 and DEF CON 32 along with my co-presenter, John Stawinski. We’re going to share our research on Self-Hosted GitHub Runner attacks… | Adnan Khan's Blog
What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide? What if that attack required no social engi… | Adnan Khan's Blog