Skip to content
View offensive-actions's full-sized avatar
39 followers · 9 following

Achievements

Achievement: Pull SharkAchievement: Starstruck

Achievements

Achievement: Pull SharkAchievement: Starstruck

Block or report offensive-actions

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. release-tampering-pocs release-tampering-pocs Public

    Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025

    Shell 75 4

  2. terraform-provider-statefile-rce terraform-provider-statefile-rce Public

    This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.

    Go 58 2

  3. azure-storage-reverse-shell azure-storage-reverse-shell Public

    This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs

    Python 37 2

  4. secret-env-exfiltrator secret-env-exfiltrator Public

    A GitHub Action that exfiltrates secrets and environment variables

    1