writeups.xyz
/
Karim Rahal (@KarimPwnz)
Title
Vulnerabilities
Programs
Authors
Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory
CI/CD
OS Command Injection
RCE
GitHub
Karim Rahal (@KarimPwnz)
"CI Knew There Would Be Bugs Here" — Exploring Continuous Integration Services as a Bug Bounty Hunter
Information Disclosure
CI/CD
Undisclosed
EdOverflow (@EdOverflow)
Justin Gardner (@Rhynorater)
Corben Leo (@Hacker_)
Karim Rahal (@KarimPwnz)
Streaak (@Streaak)
D0nut (@D0nutptr)
BBAC
Page 1 of 1
writeups.xyz
/
Karim Rahal (@KarimPwnz)