2025-09-10, Main hall
GitHub Actions are the perfect tool for automating all aspects of your software workflows and deployment processes.
Because Actions have access to source code, they are a prime target for (supply-chain) attacks.
Learn how to exploit and fix old vulnerabilities, what new vulnerabilities to be aware of, and how to reduce the impact should your Actions get exploited.
Simon Gerst is a security researcher at Asymmetric Research who uses static analysis to scale bug discovery, formal methods to uncover subtle flaws, and plain source code reading. Before that, he worked on bounded model checking of V8 for his master's thesis. He enjoys breaking insecure GitHub Actions and has found issues in repositories from GitHub, Microsoft, and others. In his free time, he plays piano—especially Rachmaninoff—and competes in CTFs.