OWASP Stockholm - GitHub Runners Takeover @ Kivra

Join us for the second OWASP Stockholm event of the year. This time Kivra is hosting and Dr. Pedro Merino will present about GitHub runners and vulnerabilities that you should be aware of.

🗓️ When: 8th of April, 17:30 - 21:00
📍 Where: Klara Norra kyrkogata 33, Kivra AB

🚀 Agenda:
17:30 - 18:00 Gathering and mingling
18:00 - 18:05 Doors close and intro
18:05 - 18:50 First speaker
18:50 - 20:30 Mingle, food will be provided

🌟More about the talk:

GitHub Actions self-hosted runners offer faster deployment and greater control for CI/CD, but they also bring security risks when misconfigured.

This presentation shows how an attacker with limited access to a GitHub organization may craft a malicious workflow to execute arbitrary commands and take over a GCP instance.

👨‍💻About the speaker:

Dr. Pedro Merino
Pedro Merino is a Security Engineer at Kivra, specializing in CI/CD security and threat modeling.

With a Ph.D. in International Private Law, Pedro transitioned from finding loopholes in legal texts to uncovering security vulnerabilities in software. If there's a way in, he'll find it. Outside of cybersecurity, he’s either training for a triathlon or diving into ancient history books.