We are investigating new attack vectors against a CI/CD service called GitHub Actions. Through an analysis of GitHub Actions behavior on Windows, our research has discovered two attack techniques:
・GitHub Actions C2: We will demonstrate a new C2 framework using a self-hosted runner in GitHub Actions.
In this presentation, we will provide a detailed explanation of these attack techniques, along with PoC code and demonstrations. We will also discuss real-world threats and provide insight on detection and mitigation strategies.
NTT Communications, TechLead & Offensive Security Researcher
Yusuke Kubo works as an Offensive Security Researcher at NTT Communications, a Japanese telecommunications company, and is also an NTT Group Certified Security Principal. He contributed to MITRE ATT&CK regarding Safe Mode Boot (T1562.009).
NTT Communications Corporation
Kiyohito Yamamoto has 8 years of experience as a Security Engineer at NTT Communications, and is also an NTT Group Certified Security Principal. He served as a Senior Response Expert during the Tokyo Olympics and also conducted TLPT tests.