Bypassing Branch Protections with GitHub Actions (CI/CD)
John Hammond
In this video we'll dig more into Continuous Integration and Continuous Deployment (CI/CD) with GitHub Actions. Through indirect pipeline poisoning and bypassing branch protection, we'll uncover what modern security mechanisms should be in place for online repositories!
You can learn more about Carlos Polop, Ignacio Dominguez or the security audits and assessments that HALBORN performs at https://j-h.io/halborn
00:00 - Branch Protection
00:25 - Introductions
02:34 - Demo Start
07:06 - GitHub Actions PR permission setting
08:27 - Attack Start
12:03 - A note about being repository admin
14:46 - Reset and re-attack
16:46 - Q&A session
18:44 - Wrap up
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ https://j-h.io/patreon ↔ https://j-h.io/paypal ↔ https://j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🐱👤 SEKTOR7 ➡ Malware Development, AV Evasion https://j-h.io/sektor7
🖥️ Zero-Point Security ➡ Certified Red Team Operator https://j-h.io/crto
💻 Zero-Point Security ➡ C2 Development with C# https://j-h.io/c2dev
🐜 Zero2Automated ➡ Ultimate Malware Reverse Engineering https://j-h.io/zero2auto
⛳ Point3 ESCALATE ➡ Top-Notch Capture the Flag Training https://j-h.io/escalate
📗 Humble Bundle ➡ https://j-h.io/humblebundle
🐶 Snyk ➡ https://j-h.io/snyk
🌎Follow me! ➡ https://j-h.io/discord ↔ https://j-h.io/twitter ↔ https://j-h.io/linkedin ↔ https://j-h.io/instagram ↔ https://j-h.io/tiktok
📧 Contact me! (I may be very slow to respond or completely unable to)
🤝 Sponsorship Inquiries ➡ https://j-h.io/sponsorship
🚩 CTF Hosting Requests ➡ https://j-h.io/ctf
🎤 Speaking Requests ➡ https://j-h.io/speaking
💥 Malware Submission ➡ https://j-h.io/malware
❓ Everything Else ➡ https://j-h.io/etc
Video: https://www.youtube.com/watch?v=UbfhVXJn6fk