2025-09-15 –, Bierstadt Lagerhaus Stage
GitHub Actions is a powerful tool, but poor configuration can turn it into a critical attack vector. In this talk, we’ll explore how common mistakes allow malicious code execution, credential leaks, and privilege escalation.
CI/CD pipelines speed up development, but what happens when they also speed up attacks?
GitHub Actions is a powerful tool, but poor configuration can turn it into a critical attack vector. In this talk, we’ll explore how common mistakes allow malicious code execution, credential leaks, and privilege escalation.
We’ll dive into real-world exploitation cases, advanced attacker techniques, and, most importantly, how to secure your pipeline before it’s too late.
If you think your CI/CD is secure, this talk will make you question it. And if it’s not… better you find out before an attacker does.
Cybersecurity enthusiast with experience in vulnerability management, application security, and secure software development. CTF player in my free time. I have security certifications such as eJPT, eWPT, eWPTX and CEH.