Anatomy of a Cloud Infrastructure Attack via a Pull Request

https://is1-ssl.mzstatic.com/image/thumb/Podcasts116/v4/1b/67/8c/1b678c0c-78e9-6668-693e-971f2f69f5ff/mza_3569538826301315046.png/600x600bb.jpg

Protocol

Teleport

11 episodes

8 months ago

Audio versions of Teleport best technical blog posts. https://goteleport.com/blog/

Technology

RSS

All content for Protocol is the property of Teleport and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Audio versions of Teleport best technical blog posts. https://goteleport.com/blog/

Technology

https://images.podigee-cdn.net/0x,smDtAJesMaZDSmv2CzUEt-JEG08xprdpEBGAz3kNKPkI=/https://main.podigee-cdn.net/uploads/u27719/3e4a3d28-e239-4cca-ac2b-f7971f8e7d83.png

Anatomy of a Cloud Infrastructure Attack via a Pull Request

Protocol

11 minutes

3 years ago

Anatomy of a Cloud Infrastructure Attack via a Pull Request

In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. https://goteleport.com/blog/hack-via-pull-request/