Back to directory
WRITEUP #1256

Stealing GitHub staff's access token via GitHub Actions

Privilege EscalationCI/CDToken leakSupply chain attack
by@ryotkak(RyotaK)
Program
GitHub
Published
Apr 22, 2023
Added to HackDex
Apr 24, 2023
Read Full Writeuphttps://blog.ryotak.net/post/github-actions-staff-access-token-en/
RELATED WRITEUPS
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
AI / LLMCI/CD
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
Escalating From Reader To Contributor In Azure API Management
Privilege Escalation
Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey
Privilege EscalationLocal Privilege Escalation
Hijacking SQL Server Credentials using Agent Jobs for Domain Privilege Escalation
Privilege Escalation

Built with ❤️ by Shubham Rawat