github-actions-goat issues

Results 18 github-actions-goat issues

Sort by recently updated

trafficstars

Add section to simulate past attacks

Organize the project into two parts 1. Simulation of past attacks - [ ] SolarWinds (SUNPOST) - already exists - [ ] Codecov (tampering of artifact in storage account) -...

varunsh-coder

Add threat related to modification of artifact in storage/ release location

e.g. codecov breach

varunsh-coder

Improve dns exfiltration tutorial

- [ ] simulate exfiltration of token instead of repo (idea) - [ ] add block mode in harden-runner - [ ] add missing domain - storage.googleapis.com

varunsh-coder

Add a tutorial for secrets in build logs

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#exfiltrating-data-from-a-runner

varunsh-coder

Investigate checkspelling token leak

https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md

varunsh-coder

incident

github-actions-goat
github-actions-goat copied to clipboard

Metadata

Add section to simulate past attacks

Add threat related to modification of artifact in storage/ release location

Improve dns exfiltration tutorial

Add a tutorial for secrets in build logs

Investigate checkspelling token leak

Create tutorial for pinning actions

Add info about secure workflow website - action pinning

Add info about secure workflow website - token perms

Bumped spellcheck GHA from 0.17.0 to 0.27.0 (current version)

Create a PoC for GHSL-2023-271

← Metadata

Owner

Metadata

github-actions-goat github-actions-goat copied to clipboard

Metadata

← Metadata

Owner

Metadata

github-actions-goat
github-actions-goat copied to clipboard