GitHub Actions Attack Diagram
The GitHub Actions Attack Diagram is a visual guide for identifying and exploiting vulnerabilities in GitHub Actions configurations. It outlines various attack paths, starting from read-only or write access to a GitHub organization or repository. The diagram covers multiple attack vectors, including: 1. Self-hosted runner takeover 2. PWN requests 3. Secrets exfiltration It provides links to additional resources for context and is based on real-world red team engagements and public vulnerability research. The diagram focuses on major attack paths and Tactics, Techniques, and Procedures (TTPs) that have been successfully used in live environments. While not exhaustive, the tool serves as a reference for security professionals to understand and mitigate potential risks in GitHub Actions workflows. It also includes references to related research presentations and blog posts detailing real-world exploits of CI/CD vulnerabilities.
FEATURES
ALTERNATIVES
Inceptor is a template-driven framework for evading Anti-Virus and Endpoint Detection and Response solutions, allowing users to create custom evasion techniques and test their security controls.
CobaltBus enables Cobalt Strike C2 traffic via Azure Servicebus for enhanced covert operations.
An open-source shellcode and PE packer for creating and managing portable executable files.
An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.
A free, safe, and legal training ground for ethical hackers to test and expand their skills
Collection of Return-Oriented Programming challenges for practicing exploitation skills.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.