In this talk I will first cover ground on what GitHub self-hosted runners are and how they are used.
I will then discuss how design choices in self-hosted GitHub runners can be abused to take over GitHub organizations.
I will also include a short demo in this talk which would showcase the attack.
Finally I will talk about measures you can take to defend yourself against the presented attack.
Starts at Saturday November 19 2022, 12:30 PM. The sessions runs for 30 minutes.