# Next Week in Las Vegas With Prisma Cloud

By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde"), Aug 02, 2023

Don't miss the breakout and theater sessions, demos, CTF games, parties, prizes and more. Come to Las Vegas as we showcase the industry's most comprehensive cloud-native application protection platform (CNAPP) at Black Hat, BSides and Defcon.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/08/word-image-299964-1.png)

Fight Unfairly.

At Palo Alto Networks, we innovate to outpace cyberthreats so you can prevent, detect and respond to any threat, anytime, anywhere. Prisma Cloud is sponsoring three events during the week of August 7 in Las Vegas, Nevada:

* BSidesLV, August 8-9
* Black Hat, August 9-10
* Defcon, August 11-13

## **Secure from Code to Cloud**

Prisma Cloud secures applications from code to cloud across multicloud environments. The platform delivers comprehensive security with both continuous visibility and proactive threat prevention throughout the application lifecycle. Prisma Cloud enables security and DevOps teams to effectively collaborate to accelerate secure cloud-native application development and deployment.

## **BSides Las Vegas: August 8-9**

Kick the week off at BSidesLV. Prisma Cloud by Palo Alto Networks is a Gold Sponsor. Stop by the Tuscany Suites and Casino Hotel to chat with our experts and enter our raffle for a chance to win a pair of customized Nike By You shoes.

#### Speaking Sessions

##### The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

*Tuesday, August 8 at 4:00 PM*

Presenter: Asi Greenholts, Security Researcher, Palo Alto Networks

How wide can a GitHub Actions worm spread? In this talk, I'll demonstrate how a worm can crawl through actions and projects, infecting them with malware. We will explore the ways in which actions are loosely and implicitly dependent on other actions and create a graph-based dependency tree for GitHub actions. This map will set the path for the worm searching its way to infecting as many action dependencies and GitHub projects as possible. Join this talk to learn about the methods our worm uses to make its way toward other actions, to get familiar with the high profile open-source projects we could hijack, and to see this worm demoed in action.

##### Actions Have Consequences: The Overlooked Security Risks in Third-Party GitHub Actions

*Wednesday, August 9 at 2:30 PM*

Presenter: Yaron Avital, Security Researcher, Palo Alto Networks

After reviewing the build logs of public CI pipelines, I noticed security issues related to permissions and build integrity. To investigate the extent of the problem, I analyzed the build logs of the top 2,000 starred repositories on GitHub, and the results surprised even me. In this talk, I'll share my findings on how the world's most popular repositories fail to manage their build permissions --- and how these failures can lead to severe consequences, such as creating tokens to access cloud resources or introducing malware to repository code and artifacts.

Next, I'll uncover the existence of "unpinnable actions." We'll challenge a highly recommended countermeasure for protecting against compromised third-party actions --- pinning. Pinning supposedly assures that the action's code can't be tampered with, but new malicious code can still sneak into your pipeline, even when pinned. I'll share conditions that make an action unpinnable and reveal how the world's most popular actions we all use and pin are actually unpinnable.

## **Black Hat USA: August 9-10**

Palo Alto Networks is a Platinum Sponsor of Black Hat 2023 and is delivering live speaker sessions, as well as in-booth theater presentations with demos and after-hours fun.

Visit **Booth #1332** at the **Mandalay Bay** convention center in Las Vegas to chat with Prisma Cloud experts. Attend in-booth presentations and breakout sessions and experience personalized demos of Prisma Cloud. When you get your badge scanned at both booths, you're automatically entered into our daily raffle to win a pair of Apple AirPods Max!

Join Prisma Cloud for coffee on Wednesday, August 9 from 10:00 a.m. to 2:00 p.m. in the Palo Alto Networks booth (#1332). Open to attendees.

**Related**: [Black Hat Executive Q&A with Wendi Whitmore](https://www.blackhat.com/sponsor-interview/07122023.html#palo-alto-networks), Senior Vice President, Unit 42, Palo Alto Networks

#### Speaking Sessions

##### What You Don't Know CAN Hurt You: Unit 42 Global Attack Surface Findings

*Thursday, August 10 from 11:30 AM - 12:20 PM*

Presented by: Josh Costa, Director, Product Marketing, Palo Alto Networks

If you don't know about a problem, you don't have to worry about it, right? Well, not when it comes to your unknown internet-accessible attack surface. We've discovered that attackers initiate attacks within hours of a CVE publication. It's important that you find and fix those security risks before they become an incident. Join this session to hear about the most common attack surface exposures we've found on the global attack surface of large enterprises and national governments. You'll also learn best practices for managing your dynamic attack surface and how to fight back.

##### When a Zero-Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability

*Thursday, August 10 from 2:30 - 3:00 PM*

Presented by: Margaret Zimmermann, Consultant, Palo Alto Networks Unit 42

How could a zero-day web vulnerability lead to a near complete compromise within an AWS environment? Pretty easily actually. While the SugarCRM CVE-2023-22952 0-day authentication bypass and remote code execution vulnerability might seem like a typical zero day, the infrastructure behind the scenes of the web application causes the most concern and potential for mayhem if not secured correctly. When a threat actor shows signs of AWS knowledge, the sky's the limit for what they can accomplish with the right permissions. This presentation maps out various attacks against AWS environments following the MITRE ATT&CK Matrix framework, and wraps up with the multiple prevention mechanisms an organization can put in place to protect themselves.

The complexity of the attacks details how seemingly innocuous AWS API calls lead to more daunting --- and not always traceable --- activity. One size does not fit all in cloud security, but these attacks highlight key areas to focus on to make sure you're ready to defend against those attacks when they come.

#### Prisma Cloud In-Booth Presentations:

* **Keys to Effective Web Application and API Security** by Ben Nicholson on 8/9 at 10:15 AM
* **Finding Sarah Connor - Supply Chain Weakest Links** by Stephen Giguere on 8/9 at 2:45 PM
* **Real DevSecOps - Easy Developer Centric Security** by Stephen Giguere on 8/10 at 11:15 PM
* **Build Better Roads Before Better Cars** by Stephen Giguere on 8/10 at 2:45 PM

#### Executive Meeting Requests: Visit with Prisma Cloud at Black Hat

Customer and partner engagement is important to us because it's the building block of your experience and our relationship. If you'd like to [schedule a meeting with Prisma Cloud](https://paloaltonetworks.jifflenow.com/external-request/blackhat2023/meeting-request?token=3f50cc7983f17212d179) subject matter experts, executives or sales reps, we'll be available.

#### Join Us for a Sushi and Spirits SOCial on August 9 at Black Hat 2023

Please join Palo Alto Networks on August 9 for a night of excitement and networking at KUMI Japanese Restaurant + Bar, right in Mandalay Bay. The sushi, spirits and music start flowing when doors open at 5:00 p.m. This is an exclusive event, so I urge you to [register now](https://register.paloaltonetworks.com/socialbypaloaltonetworks) to get on the list.

## **DEF CON 31: August 11-13**

Wrap the week up at DEFCON 2023 where Prisma Cloud by Palo Alto Networks is sponsoring the Capture the Flag activity. Participate in an interactive workshop for a chance to win multiple prizes! Our team of experts will be onsite to guide you along the way.

##### The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

*Saturday, August 12 at 1:30 PM*

Presented by: Asi Greenholts, Security Researcher, Palo Alto Networks

GitHub is the most popular platform to host open-source projects. Not surprisingly, the popularity of their CI/CD platform, GitHub Actions, is rising, making it an attractive target for attackers. In this talk I'll show you, using a demo of a POC worm, how an attacker can take advantage of the Custom GitHub actions ecosystem by infecting one action to spread malicious code to other actions and projects.

We'll start by exploring the ways in which actions are loosely and implicitly dependent on other actions. This will allow us to create a dependency tree of actions that starts from a project we want to attack and hopefully ends in a vulnerable action we can take control of.

We'll then dive into how GitHub Actions is working under the hood. I'll show you how an attacker in control of an action can utilize the mechanism of the GitHub Actions Runner to infect other actions dependent on their action and eventually infect the targeted project.

Finally, after we've gained all the theoretical knowledge, I'll show you a demo with POC malware spreading through actions, and we'll talk about how to defend against this kind of attack.

### **See you in Las Vegas!**