RSS.Social

Adnan Khan's Blog

Posts

Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000

Watch your Dispatch: Race Condition in Dependabot Core CI

(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe's Frontend

Cacheract: The Monster in your Build Cache

Release-Drafter To google/accompanist Compromise: VRP Writeup

BlackHat 2024 and DEF CON 32 Preview

RoguePuppet - A Critical Puppet Forge Supply Chain Vulnerability

The Monsters in Your Build Cache - GitHub Actions Cache Poisoning

An Obscure Actions Workflow Vulnerability in Google's Flank

Web3's Achilles' Heel: A Supply Chain Attack on Astar Network

CVE-2023-49291 and More - A Potential Actions Nightmare

One Supply Chain Attack to Rule Them All - Poisoning GitHub's Runner Images

Welcome to my blog - there is more to come!

Conference Talks

About Me