François Proulx
@francoisproulx
Senior Product Security Expert at http://BoostSecurity.io
Excited to present a brand new talk at NorthSec for the 3rd year in a row.
Nice analysis of the Kong supply chain attack
I performed some analysis that might shed light on how the recent @thekonginc supply chain attack (github.com/Kong/kubernete…) happened. Thanks @Devyn for tweeting it earlier!! 🧵: Back in November, we can see that the maintainers updated workflows: github.com/Kong/kubernete…
✈️ en route to Toronto, 📣 speaking at Black Hat SecTor 2024 tomorrow at 9:10am about how we found 0-days in the build pipeline of Open Source packages 🚢 😈📦
Thanks Jonathan. It was fun. I was happy to give the talk.
Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages by @francoisproulx at @OWASP Global AppSec San Francisco 2024
Looking forward to giving my talk about 0-days in build pipelines.
🌟 @owasp 2024 Global AppSec is next week in SF! 🚀 We’re sharing the top talks we're excited about—from 0-days in CI/CD to AI security with AI Goat 🐐. 🐷Catch our talks on API key permissions 🔑 and cert reuse 🔐. 🔗Get the full scoop: trufflesecurity.com/blog/8-must-se… 1/2
🎉 Big News! 🎉 I'll give my talk "Under the Radar: How we found 0-days in the Build Pipeline of OSS Packages" at OWASP Global AppSec San Francisco 2024! 🌟 My favorite conference for over a decade. 🚀#OWASP #GlobalAppSecSanFran #SupplyChainSecurity #OpenSource
If true, it would make it a far less potent worm... though could make tons of damage on airport WiFi...
If you are at @openssf SOSS Community Day today, make sure to come to our talk at 2:25pm in Room 437 sosscdna24.sched.com/event/bbdbc9f6… #openssf #soss #linuxfoundation #GitHub #githubactions
We are announcing the Public Beta release of ‘poutine’ - an Open Source security scanner built by our team @boostsecurityio to detect misconfigurations and vulnerabilities in Build Pipelines. boostsecurity.io/blog/unveiling…
I'm excited to speak at SOSS Community Day NA 2024 sosscdna24.sched.com/event/bbdbc9f6… @sched
🚀 Just blogged about a responsible disclosure on an AWS OSS project, it's complex to mitigate Insider Threats in OSS. 🛡️ GitHub Actions hardening tips to combat Insider Threats effectively. #supplychain #responsibledisclosure #githubactions boostsecurity.io/blog/opening-p…
My Chrome bug just got disclosed! It’s a really cool chain of 4 vulns leading to local file read and universal XSS (including extensions). Maybe I’ll make a blog post about it issues.chromium.org/issues/40942152
Thanks for spreading the word 😃
🆕 Living Off the Pipeline (LOTP) A project to inventory how developer tools commonly used in CI/CD pipelines have lesser-known RCE-By-Design features ("foot guns") boostsecurityio.github.io/lotp/
You guys love OIDC just as much as we do :-) Exactly one year ago, we built almost exactly the same thing that you guys call OctoSTS.
This near miss (and the folks at Boost) certainly taught me some new "fun" things about GitHub actions. Over the past few months I've been working with the team on a number of efforts (what's listed here is tip of the iceberg) to improve our security posture. Stay tuned 😃
Just published "The tale of a Supply Chain near-miss incident" article about a responsible disclosure my team at BoostSecurity.io made as well as announcing the Living Off The Pipeline (LOTP) project. link.medium.com/dsnMkFBonHb