BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.hackglasgow.live//hack-glasgow-2026//speaker//8G
 MBLK
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-glasgow-2026-PVTV8U@pretalx.hackglasgow.live
DTSTART;TZID=GMT:20260815T113000
DTEND;TZID=GMT:20260815T115500
DESCRIPTION:The distinction between "code security" and "cloud security" ha
 s evaporated. In late 2025\, the "Shai-Hulud" campaigns demonstrated a sig
 nificant evolution in adversary tradecraft: the weaponization of the open-
 source ecosystem to launch self-propagating worms that pivot from developm
 ent environments to cloud control planes. This talk dissects the anatomy o
 f this campaign\, which compromised over 25\,000 repositories and 350 orga
 nisations. We will provide a deep dive into the adversary’s use of autom
 ation to scale infections at a rate of 1\,000 repositories every 30 minute
 s\, their use of "cross-victim exfiltration" to obfuscate attribution\, an
 d the deployment of novel persistence mechanisms like GitHub Discussion ba
 ckdoors. Attendees will gain a technical understanding of how supply chain
  attacks have shifted from static malicious packages to dynamic\, environm
 ent-aware worms.\n\nSummary & Tactical Analysis:\n\n\n1. Shift in Focus: T
 he CI/CD Pipeline as the Primary Target \nTraditional adversary models ass
 ume the target is a production server or a developer laptop. Our analysis 
 of the Shai-Hulud infection data reveals a decisive shift in adversary foc
 us toward the build pipeline.\n• Environment Fingerprinting: We analysed
  the malware’s execution logic\, discovering distinct behavioural branch
 es based on the environment. The malware checks environment variables (e.g
 .\, process.env.GITHUB_ACTIONS\, process.env.BUILDKITE) to determine if it
  is running in a CI environment.\n• Synchronous Execution: In CI environ
 ments\, the malware forces synchronous execution to ensure payload deliver
 y completes before the ephemeral runner terminates. This "environment awar
 eness" represents a maturation in supply chain malware\, designed specific
 ally to exploit the trust implicit in automated build processes.\n\n2. Tac
 tical Evolution: Automation and Speed \nThe Shai-Hulud campaign is a case 
 study in how adversaries are using automation to outpace human response te
 ams.\n• The Velocity of Compromise: Incident data shows that the worm re
 plicated at a rate of approximately 1\,000 new malicious repositories ever
 y 30 minutes.\n• AI-Generated Payloads: Forensic analysis of the malicio
 us scripts (setup_bun.js) suggests the adversary utilised AI to generate p
 ayload variations. We observed distinct stylistic patterns - some seemingl
 y AI-generated\, others copy-pasted - indicating the adversary is using LL
 Ms to lower the barrier to entry and rapid-fire polymorphic code to evade 
 static analysis.\n\n3. New Tradecraft: Cross-Victim Exfiltration \nPerhaps
  the most significant shift in behaviour observed is the technique of
  "Cross-Victim Exfiltration\," which complicates attribution and takedowns.
 \n•
  The Tactic: Rather than exfiltrating data to a single attacker-controlled
  server\, the worm utilised the credentials of Victim A to create a public
  repository\, which then served as the exfiltration drop-site for Victim B
 ’s secrets.\n• The Impact: This technique turns victim infrastructure 
 into part of the attack distribution network. Defenders looking for "unusu
 al outbound traffic" to known bad IP addresses failed to detect the exfilt
 ration because the traffic was directed toward legitimate\, high-reputatio
 n GitHub domains owned by other compromised organisations.\n\n4. Novel Per
 sistence: The "Discussion" Backdoor \nThe presentation will detail a previ
 ously unseen persistence mechanism discovered during our reverse engineeri
 ng of the Shai-Hulud payload.\n• Mechanism: The malware injects a workfl
 ow file (discussion.yaml) that triggers only when a new "Discussion" is cr
 eated in the repository.\n• Implication: This allows the adversary to re
 -execute arbitrary code on the compromised machine simply by posting a com
 ment in the repository's discussion tab\, bypassing standard triggers like
  push or pull_request that are more heavily monitored. While we successful
 ly validated this exploit in a lab setting\, it represents a dangerous evo
 lution in "living off the land" within SCM platforms.\n\nConclusion:\nThe 
 Shai-Hulud campaign signals that adversaries have successfully bridged the
  gap between code repositories and cloud runtime environments. By analysin
 g these shifts - from environment-aware execution to cross-victim obfuscat
 ion - defenders can better anticipate the next generation of automated sup
 ply chain threats.\n\nSources:\nhttps://www.wiz.io/blog/shai-hulud-npm-sup
 ply-chain-attack \nhttps://www.wiz.io/blog/shai-hulud-2-0-aftermath-ongoin
 g-supply-chain-attack \nhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-sup
 ply-chain-attack \nhttps://www.wiz.io/blog/github-attacks-pat-control-plan
 e
DTSTAMP:20260611T141346Z
LOCATION:Stage 1
SUMMARY:The Era of the Self-Propagating Cloud Worm: Dissecting the "Shai-Hu
 lud" Campaigns - Scott McCracken
URL:https://pretalx.hackglasgow.live/hack-glasgow-2026/talk/PVTV8U/
END:VEVENT
END:VCALENDAR
