Asi Greenholts @TupleType
Concentrated AppSec juice • Security Researcher @PaloAltoNtwks greenholts.com Joined September 2021-
Tweets43
-
Followers186
-
Following47
-
Likes449
🚨 We know the real target behind the attack on tj-actions/changed-files! Coinbase! The first publicly known exploitation of the technique I presented at DEFCON 31: The GitHub Action Worm. Read the full story: unit42.paloaltonetworks.com/github-actions… By @omer_gil @yaronavital @_0xffd and I
New research our team released today, showing how we could push code to highly popular open source projects maintained by Google, AWS, Microsoft, & Red Hat, through a race condition in GitHub Actions. Go hunt critical #bugbounty issues ;) by @yaronavital unit42.paloaltonetworks.com/github-repo-ar…
This Saturday I will be speaking at #DefCon32 about OIDC misconfigurations and abuses in the context of CI/CD 🥴👹. Come check it out! info.defcon.org/event/?id=54867 @PaloAltoNtwks #OIDC #oauth2 #ci #cd
Two great talks delivered in Vegas this year by our team - again! In this year’s hacker summer camp in LV, our Research team will stand on the @defcon & @BSidesLV stages again, to share two novel research projects we’ve been working on recently: #HackerSummerCamp #defcon32
Thank you @HoffmanYaniv for inviting me to discuss about CI/CD security and my "Awesome CI/CD Attacks" project. We explored challenges, solutions, and key insights in this critical area of cybersecurity. youtube.com/watch?v=FiTERo…
Right now on stage @TupleType with “The GitHub Actions Worm: Compromising GitHub repositories through the actions dependency tree”! Join live: youtube.com/live/tlBnIA9FQ…
📚 tl;dr sec 234 🗡️ Awesome CI/CD Attacks @TupleType 🤖 STRIDE GPT ☁️ Non Production AWS Attack Surface @Frichette_n 🛡️ Secure defaults @ramimacisabird 🛠️ WAF bypass tool @infosec_au 💻 Hacking millions of routers @samwcyo tldrsec.com/p/tldr-sec-234
I'll be speaking at @BsidesTLV !!! Join my session about a novel supply chain attack technique abusing @github Actions intended behavior to spread a worm 🪱. bsidestlv.com/agenda/the_git…
What do you think is an important routine for a Security Researcher? I think it is reading Cyber news daily. Here are the most unique and high quality resources I've found about CI/CD attacks in the past 3 years: github.com/TupleType-1/aw… Thanks @omer_gil for the review!
Use CVE-2024-27198 to freely access internal TeamCity instances, create admin access tokens, and steal secrets and configurations - even if the server is not exposed to the internet. How? 🧵 #1/10
Hi @BlackHatEvents - I was shocked to discover that one of your Cyber Security Trainer and Review Board Members is also an antisemitic, a terror supporter who publicly denies Hamas Terror acts. Please remove @Voulnet from his role immediately!
How a worm 🪱 can be used to compromise @github repositories at scale through the Actions dependency tree🌲? The blog details a public disclosure out of many reported to #bugbounty programs This was first reveled at @defcon 31 and @BSidesLV paloaltonetworks.com/blog/prisma-cl…
The GitHub Actions Worm: Compromising GtHub repositories through the actions dependency tree! 🕜 Sat 1:30 pm PT, Track 3 at @defcon 📺 Watch live here: twitch.tv/defcon_dctv_th…
My submission got accepted to @BSidesLV!! Join me at the underground track 🤫 where I'll talk about: The GitHub Actions Worm: Compromising GitHub repositories through the action dependency tree 🌳
If you're going to @RSAConference this year and you want to see a new attack method, come see @omer_gil and myself talk about: Abuse of Repository Webhooks to Access Hundreds of Internal CI systems. rsaconference.com/usa/agenda/ses…
Check out my new blog "How to secure your Open Source Project – A quick guide for developers" with examples for @github 🥳 cidersecurity.io/blog/research/…
🔥 The CI/CD Goat 🐐 just got wilder 🔥 Beat our new challenge and win a Gaming Keyboard!!! Thanks to @yaronavital and @omer_gil for co-writing the challenge! github.com/cider-security…
shashank mishra @Th3_G0df4th3xr
21 Followers 957 Following
nano_sumoy @NSumoy41392
1 Followers 430 Following
Yseexor @Yseexor7409
10 Followers 272 Following 愛する人と、運命の時に出会えますように。そして、運命の人とも出会えますように。お会いできるのを楽しみにしています!
Aladdin @king_quraishi1
139 Followers 7K Following
Satya @bi81828
3 Followers 416 Following
doomholderz @doomholderz
7 Followers 40 Following security engineer & researcher, but NOT both at the same time
Md SHAKIB @MdSojib37943180
6 Followers 278 Following If you want to work together, have a question, or if you just want to say hi, feel free to reach out!
Shinobyx @crypticrebel337
23 Followers 1K Following Bug bounty hunter who is a bit inactive on social media, so don't expect too much from me here...
fLaSh @f_La_Sh
34 Followers 223 Following
Nadav Kedem @kedem_nadav
30 Followers 1K Following
Hack in Hire @hackinhire
227 Followers 774 Following 🚀 Elevate your #CyberSecurity career worldwide! 🔎 AI-driven matching. Verified skills. Real opportunities.
Tim McHale @TimMcHale11
18 Followers 547 Following Independent Security Researcher https://t.co/QKte2TYPVv https://t.co/83U1LFF0MO
Liora R. Herman @tzionit411
963 Followers 3K Following All opinions are my own unless I borrowed them from someone else. Founder & Queen of Details @AppSec_Village Head of Field/Channel Marketing, EMEA @Penterasec
Sai Prashanth @saip_007
53 Followers 733 Following #saip007 Tech enthusiast; Security Researcher @Loginsoft_Inc
Metaxai @metaxai314
180 Followers 2K Following “People don't think what they feel, don't say what they think and don't do what they say.” - attributed to David Ogilvy, however no 1 ever heard him saying this
Dalary Vosper @vosp_dala
1 Followers 77 Following
sudox @kmcnam1
12K Followers 3K Following CCIEx2 #50931 and a bunch of random paper. Opinions are my own and not the company I work. I guess I'm Green Arrow's daughter or something...
eliran @eliran26
9 Followers 2K Following "If you can visualize it, if you can dream it, there's some way to do it."
Dave Platt @lawncreatures
307 Followers 1K Following Ubergeek, InfoSec, Dad | DFIR, Threat Intel & Pentester | Founder of nothing | Opinions are my mine, not my employer
Sharon Nachshony @SharonNachshony
17 Followers 237 Following
cocosz @cocosz0519
4 Followers 208 Following
Tanya Janca | Shehack... @shehackspurple
50K Followers 2K Following Secure Coding Trainer, Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. #AppSec she/her 🌻
Ashkazat Bagatov @ashkazat
2K Followers 818 Following Seller to willing buyers at perceived fair market prices.
Joshua Shirayanagi @JShirayanagi
18 Followers 442 Following
MARTIN'S 🤗🙌 @MUgwu36240
8 Followers 165 Following @TeamMartins# FANPAGE. Always believe.@martins# PMA
0xakashk @0xakashk
3 Followers 131 Following “Cybersecurity professional | Red Teamer 🛡️ | Breaking systems to build stronger defenses | Sharing tools & insights on GitHub 👨💻”
Abhishek Mishra @cybersecinfo12
2 Followers 35 Following
Tom Porter @porterhau5
1K Followers 360 Following infosec | baseball | red team | trainer | fan of the pipe delimiter
Amol 🇮🇳 @codewithamol
1K Followers 5K Following My name is Amol from India.I am dad,husband and Hacker C|EH | eWPTX | CC | CSSLP | CISSP | CDP DevSecOps |Security Consultant |B.E Computer | MBA IT
Cybertection LLC (Jos... @Cyberjoe2050
528 Followers 7K Following Cybertection is your choice for all security software, but our specialty is always going to be antivirus software. We are your digital bodyguard.
annumeena @annumeena19
85 Followers 6K Following
ice @ice98079542
95 Followers 3K Following
🕵🏻♂️🔻 @mswelam_
1K Followers 2K Following uncut gems l l DFIR @EG_CERT#cocopollo_author BlackHat MEA2024, 2025
zOmfg0rz @_Omfg0rz
310 Followers 3K Following
michael.slook @mikimaos4
18 Followers 1K Following
OhMyGod @wy88215534
28 Followers 2K Following Information security enthusiast/father/idealist/otaku/Share cybersecurity awareness and practices, knowledge and skills, threat intelligence
דג הכסף @NBhgdrh
24K Followers 181 Following כלכלה, פיננסים, היסטוריה, תמונות, קריקטורות ומוזיקה; דעות אישיות ומחשבות, אין המלצות
Anthropic @AnthropicAI
646K Followers 35 Following We're an AI safety and research company that builds reliable, interpretable, and steerable AI systems. Talk to our AI assistant @claudeai on https://t.co/FhDI3KQh0n.
PMF or Die @pmfordie
16K Followers 19 Following 90 days and $25K to build a $1MM app. Streaming 24/7 on Twitch and YouTube. Follow the players: @blakeandersonw
Daniel Bachmat @DanielBachmat
32K Followers 502 Following דניאל בכמט | כותב על צבא ומתמטיקה (ולפעמים שחייה) מזווית קצת אחרת
הימורי חותי... @HimureiHutim
22 Followers 4 Following הימורים יומיים על האם החותים ירו או לא ✨🇾🇪🚀 ווינר ווינר צ׳יקן דינר
David Lisovtsev @david_lisovtsev
36K Followers 486 Following נשוי ל @FeldmanSaraa 26, איסופניק במיל'. מנכ"ל פיד מלחמת רוסיה-אוקראינה. ראשל"צי בעבר, ירושלמי בהווה. שפות: 🇮🇱🇺🇸🇷🇺. הרמטכל האמריקאי ראה מפות שאני הכנתי.
Yam Peleg @Yampeleg
38K Followers 2K Following The only AI researcher they sent a missile for 🇮🇱 | Co-host @thursdai_pod • AI news every Thursday
Tanya Janca | Shehack... @shehackspurple
50K Followers 2K Following Secure Coding Trainer, Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. #AppSec she/her 🌻
Uri Eliabayev @urieli17
18K Followers 1K Following AI Consultant and lecturer, Founder of the Machine & Deep learning Israel community (41K members)
Cyburger @Cyburgerim
4K Followers 309 Following Cyber. M&A. Investments. Trends. Product. Nonsense. English RTs @Cyburgerzz
Adnan Khan @adnanthekhan
3K Followers 210 Following Security Engineer | Part Time Security Researcher | Build Pipeline Menace | All thoughts and opinions are my own | 🍉
Sebas @0xroot
4K Followers 463 Following - 🦊 Senior Security Consultant at @BishopFox - 📚 Curated Security Pills Newsletter https://t.co/c1XhZLXTZS
Marco Lancini @lancinimarco
6K Followers 373 Following 💼 Principal Security Engineer 💬 I tweet about Cloud Security and technical leadership ✍🏻 Subscribe to https://t.co/MR69KiF8RH 📚 https://t.co/TrQKzxfnYg is out now!
Or Heller אור הל... @OrHeller
109K Followers 1K Following כתב צבאי, חדשות 13 military correspondent, channel 13 news, Israel
Investor @IamInvestor_
26K Followers 59 Following אינבסטור, משקיע פרטי. כותב על כסף 💵 השקעות, כלכלה, הייטק ומה שמעניין אותי. לא ממליץ - תעשו את הבדיקות שלכם 🤝
פידטק וידוי... @FeedTechILUncen
19K Followers 27 Following מחשבות ווידויים ללא צנזורה! הוידויים המועלים נשלחים אנונימית אינם מייצגים את דעתנו ואיננו אחראים להם. הקליקו כאן להתוודות אנונימית 👈 https://t.co/hYu8dLUDnP
Palo Alto Networks @PaloAltoNtwks
128K Followers 468 Following Our Mission: Cybersecurity partner of choice, protecting our digital way of life.
Aviad @_0xffd
259 Followers 482 Following ''To fly as fast as thought, you must begin by knowing you've already arrived'' Spinning records for fun and containers for pain Opinions are my own. UwU
emzra @emzraline
3K Followers 574 Following
NASA Artemis @NASAArtemis
884K Followers 60 Following For more about NASA's Artemis campaign, visit: https://t.co/fgUfRhXjzH
Yaron Avital @yaronavital
91 Followers 189 Following Security Researcher @paloaltontwks, renowned octopus trainer.
Mark Manning @antitree
3K Followers 2K Following Process isolationist, k8s hacker, ᴎo-prem pusher, syscall denier, container liberator 🔸Chainguard - Product Security 🔸Rochester 2600 🔸Former: Snowflake, NCC
Magno Logan @magnologan
3K Followers 4K Following Application Security Specialist. Secure Coding and DevSecOps Instructor. Promoted == Blocked!
Jimmy Vo @JimmyVo
4K Followers 2K Following
Daemontamer @Daemontamer
753 Followers 971 Following InfoSec Patient Zero, Layer 9 IPS, Principal Mole-Whacker. Loyal BSides Disorganizer. I am only an Egg. @daemontamer.bsky.social @daemontamer.infosec.exchange
EliB @Eli_Barbel
24K Followers 1K Following השיגעון הנוכחי שלי הוא לעזור לאימהות בחל"ד לא להרגיש לבד. תכירו את ערה! - טינדר לאימהות בחופשת לידה https://t.co/KMVlRYruVC וגם בספוטיפיי "שיחות על חופשת לידה"
Oren Haasz @Oren_theace
17K Followers 2K Following History, military history & doctrine. Middle-East. Heb/Eng/Ar.
Daniel Krivelevich @Dkrivelev
163 Followers 147 Following Entrepreneur, Investor, Advisor | 🇮🇱 | Co-Founder & CTO @ Cider Security
NASA Webb Telescope @NASAWebb
3.5M Followers 63 Following The world's most powerful space telescope. Launched: Dec. 25, 2021. First images revealed: July 12, 2022. Verification: https://t.co/ChOEslj1j5
David Panodishvili @DavidP201990
49 Followers 958 Following
חזי לפלסיאן @HezyLaplacian
3K Followers 182 Following מדבר מתמטיקה ככה בגובה של העין כמו שאומרים עובד בסדנא רכב של אבא מלשינים דוקר
מודי שפריר M... @ModiShafrir
10K Followers 245 Following אסטרטג ראשי - שווקים פיננסים - בנק הפועלים מאקרו, מט"ח ושווקים מזווית קצת אחרת... https://t.co/wCkuvO9Ysk
Arye Lukashevski @arye_lu
111 Followers 509 Following Moving bits around from end to end ☁️🖥 Complete code / Clean Code 📚
🇮🇱🏳️�... @roh_min_hon
24K Followers 320 Following איש עסקים ישראלי הגר בהודו. זמין בווטסאפ\סיגנל בנייד ההודי שלי. [email protected]. עברתי לבלוסקיי באותו יוזר
Rotem Bar @rotembar
1K Followers 423 Following
Amit Hirsch @HirschAmit
8 Followers 26 Following I am a Software Engineer - Always looking forward to learn new things and enjoy life :)
Guy Flechter @Guy_Flechter
203 Followers 657 Following Changing things| Founder and CEO @SolaSecurity| Former Co-founder and CEO @Cider_sec (Now part of PANW))
Shaul Amsterdamski �... @amsterdamski2
244K Followers 2K Following עיתונאי ב-@kann_news, #חיותכיס, #המנגנון, #מקורב_לצלחת, #כסף_טוב. כותב טור במוסף @calcalist. ירושלמי. בחיפוש מתמיד אחר בית הקפה החביב עלי. חפשו אותי באינסטגרם
Ran Bar-Zik @barzik
56K Followers 112 Following Senior software architect at @CyberArk. Tech journalist at @TheMarker. Lecturer at Ono Academic College, Author of https://t.co/2nyX0Ntexu, Opinions are my own.
הסולידית @hasolidit
113K Followers 40 Following משקיעה חובבת | https://t.co/1u4SjU0ANm אין בנכתב משום המלצה, ייעוץ או תחליף לייעוץ מכל סוג, לרבות ייעוץ השקעות המתאים לצרכיו של כל אדם.Trends for United States
You might like
