Earlier this month, we challenged you to a Call to Hacktion—a CTF (Capture the Flag) competition to put your GitHub Workflow security skills to the test.

Participants were invited to find a vulnerability in a dedicated private game repository by signing up via our  incrediblysecureinc/ctf-registration repo. The goal of the game was to escalate read-only repo access to write access through a vulnerable GitHub workflow, as well as learn about GitHub Workflow privilege models and security considerations in a fun and interactive way.

All in all, nearly 350 players from across the GitHub community participated in the CTF with 54 players ultimately solving the game within the allotted time frame.

@Creastery was the first person to fully exploit the vulnerability with a recorded finishing time of 2021-03-17T20:40:07.366Z (UTC)—1 hour, 40 mins, and 7 seconds—after the details of the CTF were made public

@Creastery AKA  Ngo Wei Lin is an active CTF player and security researcher, as is apparent from their rapid finish in our game. We’d like to take this opportunity to officially congratulate them on their first-place finish!

#community #security #github