Adnan Khan

Results 82 issues of Adnan Khan

Currently the DynamoRIO attach feature w/ WinAFL requires WinAFL to be passed a module that will be searched for among all processes. This makes sense when the process will be restarted...

The current GitHub Actions cache poisoning section (https://cloud.hacktricks.xyz/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning) is a bit light on details. I've done some research on this and written some PoC code that I'd like to add....

**Is your feature request related to a problem? Please describe.** Many workflows that would be vulnerable to pwn requests or injection use a deployment environment with required approvals to protect...

feature

There are lots of checks that could be performed on a repository that involve additional API queries, and we probably only want to run them after we've identified a repository...

enhancement

Gato has a lot of CLI parameters. Currently, these are passed as arguments to each module object (e.g. enumeration, attack). It would be good to move these to a configuration...

enhancement
good first issue

The GET request for run logs appears to be returning the following response after some time: ``` Bad Request Bad Request HTTP Error 400. The request is badly formed. ```...

bug

# Description of the LOTP tool `actions/setup-node` is used to set up a node environment. It supports a `cache` flag which calls npm or yarn under the hood in order to...

idea

Technically the PR number could be anything from the first workflow if from a PR and therefore could be used to inject code. This fixes it.

## PR Checklist Please check if your PR fulfills the following requirements: - [x] The commit message follows our guidelines: https://github.com/angular/angular/blob/main/CONTRIBUTING.md#commit - [ ] Tests for the changes have been...

area: build & ci

**Description of the issue** There is a newer variation of GitHub Actions TOCTOU vulnerabilities known as "Workflow dispatch TOCTOU" - I wrote about a real-world example in a recent bug...

question