[Nulled] » Information security » Trend Micro resellers have found out that the GitHub Codespaces feature
January 23 2023

Trend Micro resellers have found out that the GitHub Codespaces

Trend Micro resellers have found out that the GitHub Codespaces feature, which has been publicly available since November 2022, can be used to deliver malware.

GitHub Codespaces is a free cloud-based integrated development environment (IDE) that allows developers to create, edit and run code in their browsers through a container environment running in a VM.

One of the features provided by GitHub Codespaces allows developers to share redirected ports from a VM both privately and publicly, for real-time collaboration.

A private port can only be accessed through a URL, while public ports can be accessed by anyone with a URL, without any form of authentication.

According to Trend Micro, this collaboration feature can be used by attackers with accounts on GitHub to host malicious scripts, ransowmare and other types of VPO.

The researchers were able to create a Python-based HTTP server on port 8080 and publicly share the forwarded port, while noting that the URL can be accessed by anyone, since it does not include cookies for authentication.

Port forwarding in GitHub Codespaces is usually implemented via HTTP, but developers can switch to HTTPS, which will automatically make the port closed.

According to Trend Micro, an attacker can create a simple script to repeatedly create a code space with a public port and use it to host malicious content — in fact, a web server with an open directory containing malware - and configure it to be automatically deleted after the URL has been accessed.

Thus, attackers can easily abuse GitHub Codespaces to quickly deliver malicious code by publicly opening ports in their codespace environments.

Since each created codespace has a unique identifier, the subdomain associated with it is also unique, which gives the attacker enough reasons to create different instances of open directories.

While there is no evidence that such a technique was used in the wild, but as you know, attackers often abuse free cloud services and platforms in conducting campaigns.

To reduce the risk of identified threats, developers are advised to use only the code they can trust, make sure they use only recognized and supported container images, and protect their GitHub accounts with strong passwords and 2FA.

In addition, GitHub plans to add a request to users to confirm that they trust the owner when connecting to the codespace.

The developer, in turn, recommends that GitHub Codespaces users follow the recommendations for ensuring security and minimizing the risks associated with their development environment.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:17
  • Publication category(s): Information security
  • Number of views of the publication: 158
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
The corporate

The corporate communication and collaboration platform Slack reported a cyber incident that occurred during the

Read more
16 January 2023
Information security
After Microsoft

After Microsoft implemented, starting in July 2022, the blocking of Visual Basic for Applications (VBA) macros by

Read more
15 November 2022
Bulletin Board scripts
Themeqx v5.0 bulletin

The Themeqx v5.0 PHP-based Laravel bulletin board script will meet your requirements. It has many powerful

Read more
15 January 2023
Hacking
We collect information

Infoga is a tool that collects information about email accounts (ip, hostname, country, etc.) from various

Read more
15 January 2023
Information security»,Hacking
We follow the victim

Trape is an OSINT tool that allows you to track and execute social engineering attacks in real time. The utility

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +4 Total articles 6751
  • +16 Comments 4238
  • +31 Users : 6079