Stars: 131 · Rank 275,867 (Top 6%) · Language: JavaScript · License: Apache License 2.0 · Created about 3 years ago · Updated over 1 year ago


Repository Details

Simulate past supply chain attacks such as SolarWinds, Codecov, and ua-parser-js

Attack Simulator

Maintained by stepsecurity.io. License: Apache 2.0.

Simulate past supply chain attacks such as SolarWinds, Codecov, and ua-parser-js and see how Harden-Runner stops them. The Harden-Runner GitHub Action installs a security agent on the GitHub-hosted runner (an Ubuntu VM) to:

  • Prevent exfiltration of credentials
  • Detect tampering of source code during build
  • Enable running jobs without sudo access

Weekly instructor-led session

While you can follow the hands-on tutorials on your own, you can also attend a free weekly instructor-led session. Register here.

Attack Simulations

The table below lists the attack methods you can simulate. In each case, you then use Harden-Runner to stop the attack.

| Number | Attack Simulation | Related incidents |
|--------|-------------------|-------------------|
| 1 | DNS exfiltration, typically used in dependency confusion attacks | Dependency confusion |
| 2 | Exfiltration of secrets from the CI/CD pipeline | Codecov breach, event-stream incident, VS Code GitHub Bug Bounty Exploit |
| 3 | Tampering of source code during build | SolarWinds (SUNSPOT) breach |
| 4 | Use of compromised dependencies | event-stream incident, embedded malware in ua-parser-js |