Adnan Khan (@Adnanthekhan)

Title	Vulnerabilities	Programs	Authors
RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability	CI/CD Supply Chain Attack	Puppet Labs	Adnan Khan (@Adnanthekhan)
The Monsters in Your Build Cache – GitHub Actions Cache Poisoning	CI/CD Supply Chain Attack	Google	Adnan Khan (@Adnanthekhan)
An Obscure Actions Workflow Vulnerability in Google’s Flank	CI/CD Supply Chain Attack	Google	Adnan Khan (@Adnanthekhan)
Fixing Typos And Breaching Microsoft’s Perimeter	RCE CI/CD Supply Chain Attack	Microsoft	John Stawinski Adnan Khan (@Adnanthekhan)
Web3’s Achilles’ Heel: A Supply Chain Attack on Astar Network	Supply Chain Attack Self-Hosted Runner Takeover CI/CD	Astar Network	Adnan Khan (@Adnanthekhan)
TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack	CI/CD Supply Chain Attack	Google (OSS) TensorFlow	Adnan Khan (@Adnanthekhan) John Stawinski
Playing With Fire – How We Executed A Critical Supply Chain Attack On Pytorch	CI/CD Supply Chain Attack	PyTorch Meta / Facebook	John Stawinski Adnan Khan (@Adnanthekhan)
One Supply Chain Attack to Rule Them All	CI/CD Supply Chain Attack	GitHub	Adnan Khan (@Adnanthekhan)
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More	CI/CD Pwn Request	Microsoft Red Hat	Adnan Khan (@Adnanthekhan)
Back to the 90s: Fujitsu “IP series” Real-time Video Transmission Gear Hard Coded Credentials	Hardcoded Credentials	Fujitsu	Adnan Khan (@Adnanthekhan)
From Self-Hosted GitHub Runner to Self-Hosted Backdoor	CI/CD Lateral Movement Post-Exploitation	GitHub	Adnan Khan (@Adnanthekhan) Mason Davis Matt Jackoski

Page 1 of 1