Adnan Khan's Security Research Blog
https://adnanthekhan.com/
Security research blog focusing on CI/CD security, software supply chain attacks, and developer tooling vulnerabilities.
Feed

Turning Almost Nothing into a Supply Chain Compromise of Angular with GitHub Actions Cache Poisoning
Adnan Khan's Security Research Blog
1 day ago

Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager
Adnan Khan's Security Research Blog
23 days ago

Copilot or Coconspirator - Tricking GitHub Copilot and Stealing all Your Secrets
Adnan Khan's Security Research Blog
2 months ago

Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000
Adnan Khan's Security Research Blog
7 months ago

(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe's Frontend
Adnan Khan's Security Research Blog
1 year ago

Cacheract: The Monster in your Build Cache
Adnan Khan's Security Research Blog
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for 'Cache Native Malware' that exploits GitHub Actions cache misconfigurations.
1 year ago

RoguePuppet - A Critical Puppet Forge Supply Chain Vulnerability
Adnan Khan's Security Research Blog
2 years ago

The Monsters in Your Build Cache - GitHub Actions Cache Poisoning
Adnan Khan's Security Research Blog
2 years ago

Web3's Achilles' Heel: A Supply Chain Attack on Astar Network
Adnan Khan's Security Research Blog
2 years ago

One Supply Chain Attack to Rule Them All - Poisoning GitHub's Runner Images
Adnan Khan's Security Research Blog
2 years ago