Asi Greenholts

@oriSomething @eytanlevit אפשר המלצות לחשבונות איכותיים לעקוב אחריהם?

@eytanlevit בכל טוויטר טק העולמי מדברים על כמה קודקס לא רואה ממטר את קלוד

מסקנה מכמה ימים של משחק עם שניהם במקביל: codex 5.3 > claude 4.6 קודקס פחות מז**ן את השכל ופשוט מבצע את המשימה. וגם הממשק קל יותר. פשוט prompt. בלי לחשוב על subagents ועל team ובלי tmux ועוד מלא דברים. והcontext window מחזיק יותר זמן. סתם משתף כי אני מרגיש שלא מדברים פה הרבה על קודקס

@david_lisovtsev מה ההערכה שלך לגבי מתי תתחיל ההתקפה?

🚨 We know the real target behind the attack on tj-actions/changed-files! Coinbase! The first publicly known exploitation of the technique I presented at DEFCON 31: The GitHub Action Worm. Read the full story: unit42.paloaltonetworks.com/github-actions… By @omer_gil @yaronavital @_0xffd and I

New research our team released today, showing how we could push code to highly popular open source projects maintained by Google, AWS, Microsoft, & Red Hat, through a race condition in GitHub Actions. Go hunt critical #bugbounty issues ;) by @yaronavital unit42.paloaltonetworks.com/github-repo-ar…

This Saturday I will be speaking at #DefCon32 about OIDC misconfigurations and abuses in the context of CI/CD 🥴👹. Come check it out! info.defcon.org/event/?id=54867 @PaloAltoNtwks #OIDC #oauth2 #ci #cd

Two great talks delivered in Vegas this year by our team - again! In this year’s hacker summer camp in LV, our Research team will stand on the @defcon & @BSidesLV stages again, to share two novel research projects we’ve been working on recently: #HackerSummerCamp #defcon32

Thank you @HoffmanYaniv for inviting me to discuss about CI/CD security and my "Awesome CI/CD Attacks" project. We explored challenges, solutions, and key insights in this critical area of cybersecurity. youtube.com/watch?v=FiTERo…

Right now on stage @TupleType with “The GitHub Actions Worm: Compromising GitHub repositories through the actions dependency tree”! Join live: youtube.com/live/tlBnIA9FQ…

📚 tl;dr sec 234 🗡️ Awesome CI/CD Attacks @TupleType 🤖 STRIDE GPT ☁️ Non Production AWS Attack Surface @Frichette_n 🛡️ Secure defaults @ramimacisabird 🛠️ WAF bypass tool @infosec_au 💻 Hacking millions of routers @samwcyo tldrsec.com/p/tldr-sec-234

I'll be speaking at @BsidesTLV !!! Join my session about a novel supply chain attack technique abusing @github Actions intended behavior to spread a worm 🪱. bsidestlv.com/agenda/the_git…

@clintgibler Thank you for sharing!

Awesome CI/CD Attacks Practical resources for offensive CI/CD security research 🧠 Techniques 🛠️ Offensive tools 🗒️ Case studies By @TupleType github.com/TupleType/awes…

What do you think is an important routine for a Security Researcher? I think it is reading Cyber news daily. Here are the most unique and high quality resources I've found about CI/CD attacks in the past 3 years: github.com/TupleType-1/aw… Thanks @omer_gil for the review!

@ShaharEshet @LitanL אושר כהן - אהבה

@LitanL @TupleType גאוני

תקשיבו יש לי עוד שבוע קריוקי ואני צריכה להביא שיר בן זונה שכולם אוהבים וישירו ואז יגידו פאק ליטן איך לא חשבנו על זה זה שיר גאוני אז בקיצור תביאו שיר שהוא הברקה

Use CVE-2024-27198 to freely access internal TeamCity instances, create admin access tokens, and steal secrets and configurations - even if the server is not exposed to the internet. How? 🧵 #1/10

Hi @BlackHatEvents - I was shocked to discover that one of your Cyber Security Trainer and Review Board Members is also an antisemitic, a terror supporter who publicly denies Hamas Terror acts. Please remove @Voulnet from his role immediately!

@tell1skivi Thank you!

Good to see researchers looking more into CI/CD platform security. Great write-up!

@defcon just published the talk on YouTube: youtu.be/j8ZiIOd53JU?si…

How a worm 🪱 can be used to compromise @github repositories at scale through the Actions dependency tree🌲? The blog details a public disclosure out of many reported to #bugbounty programs This was first reveled at @defcon 31 and @BSidesLV paloaltonetworks.com/blog/prisma-cl…

The GitHub Actions Worm: Compromising GtHub repositories through the actions dependency tree! 🕜 Sat 1:30 pm PT, Track 3 at @defcon 📺 Watch live here: twitch.tv/defcon_dctv_th…

Highly inspired by our @owasp Top 10 CI/CD Security Risks project, cool:)