From Code to Crime: Exploring Threats in GitHub Codespaces скачать в хорошем качестве

From Code to Crime: Exploring Threats in GitHub Codespaces

Nitesh Surana (Trend Micro, IN), Jaromir Horejsi (Trend Micro, CZ) Nitesh Surana is a Senior Threat Researcher with Trend Micro where he specializes in cloud vulnerability & security research. He has been in the top 100 MSRC Most Valuable Security Researchers in 2023 for his submissions to Microsoft via the Zero Day Initiative. He has presented across conferences such as Black Hat USA, HackInTheBox, HackInParis, Nullcon, c0c0n, Security BSides, NDC Oslo and OWASP/Null Bangalore meetups. Apart from playing with packets and syscalls, Nitesh is found attending concerts and writing/playing music. Jaromir Horejsi is a Senior Threat Researcher for Trend Micro Research. He specializes in tracking and reverse-engineering threats such as APTs, DDoS botnets, banking Trojans, click fraud, and ransomware that target both Windows and Linux. His work has been presented at RSAC, SAS, Virus Bulletin, HITB, FIRST, AVAR, Botconf, and CARO. --- Cloud-based development environments enable developers to work from any device with internet access. Introduced during the GitHub Universe event in November 2022, Codespaces offers a customizable cloud-based IDE, simplifying project development. However, the openness of this service has been exploited by attackers, leading to in-the-wild campaigns leveraging GitHub Codespaces for developing, hosting, and exfiltrating stolen information.The presentation will showcase GitHub Codespaces' features and explore typical methods of abuse by threat actors, focusing on observed malicious campaigns. Highlighted is DeltaStealer, a credential-stealing malware family with diverse variants, some featuring unique capabilities like persistent Discord authentication compromise and cloud-based data exfiltration.Developed using GitHub Codespaces, these infostealers reveal interesting artifacts, including debug symbols, exposing insights into the developers' identities. The presentation will showcase social media evidence and conclude with practical recommendations on configuring cloud-based IDEs securely, identifying suspicious instances, and proactively addressing similar cyber threats.