Back to directory
WRITEUP #169

GitHub Actions Exploitation: Self Hosted Runners

OtherCI/CDSelf-Hosted Runner Takeover
by@hugow_vincent(Hugo Vincent)
Program
HaskellScroll
Published
Jul 17, 2024
Added to HackDex
Jul 30, 2024
Read Full Writeuphttps://www.synacktiv.com/publications/github-actions-exploitation-self-hosted-runners.html
RELATED WRITEUPS
Github Actions Exploitation: Dependabot
OtherCI/CD
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
AI / LLMCI/CD

Built with ❤️ by Shubham Rawat