A GitHub token. Posted in Slack. Left there since July 2024.
That’s all it took to compromise an entire software build pipeline and gain the ability to poison every artifact the organization shipped.
This wasn’t a sophisticated zero-day. It was a credential, sitting in plain sight, in a searchable workspace, for over a year. By the time we found it, hundreds of employees could have done the same.
The discovery
We started where we always do: with reconnaissance. While combing through historical Slack messages for exposed credentials, we found something that shouldn’t have been there.
A GitHub Personal Access Token (PAT).
Posted in a public channel of the Slack workspace, in a thread dated July 2024.
We tested it.
Still valid.
That meant any employee (past or present) with access to that workspace could have used it to reach into the organization’s most critical systems. For over a year, this token had been an open door.
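The reconnaissance step above, as an added example (not the engagement's tooling): a scan over a Slack export that finds GitHub token shapes, validates the checksum on classic tokens to separate real ones from doc-sample junk, and flags anything that has been sitting there longer than a rotation window. The export is constructed and reduced to the fields the scan needs; the checksum rule is my reading of GitHub's published token format and should be confirmed against a known-good token before a mismatch is treated as proof of a fake.

```python
"""Find GitHub personal access tokens in a Slack export and flag stale ones.

Added example, not code from the engagement above. The input is a constructed
Slack export reduced to the fields this scan needs (channel, user, ts, text);
the tokens in it are fabricated with the checksum routine below.
"""
import json
import re
import zlib
from datetime import datetime, timezone

# Token shapes. Classic tokens: a gh?_ prefix, 30 random Base62 characters and
# a 6-character checksum. Fine-grained tokens: github_pat_ plus 82 characters;
# they carry no published checksum, so only their shape is checked.
CLASSIC_RE = re.compile(r"(?<![A-Za-z0-9_])(gh[pousr]_[A-Za-z0-9]{36})(?![A-Za-z0-9_])")
FINE_GRAINED_RE = re.compile(r"(?<![A-Za-z0-9])(github_pat_[A-Za-z0-9_]{82})(?![A-Za-z0-9_])")

BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def base62_encode(n: int) -> str:
    digits = []
    while n:
        n, rem = divmod(n, 62)
        digits.append(BASE62[rem])
    return "".join(reversed(digits)) or "0"


def classic_checksum(random_part: str) -> str:
    """Checksum suffix for a classic token: CRC32 of the 30 random characters,
    Base62-encoded and left-padded with '0' to 6 characters. This is my reading
    of GitHub's published description of the format (assumption); confirm it
    against a known token before treating a mismatch as proof of a fake."""
    return base62_encode(zlib.crc32(random_part.encode())).rjust(6, "0")


def classic_checksum_ok(token: str) -> bool:
    body = token.split("_", 1)[1]
    return classic_checksum(body[:30]) == body[30:]


def scan_export(messages, now, stale_after_days=90):
    """Return one finding per token found, with its age and a redacted hint."""
    findings = []
    for msg in messages:
        posted = datetime.fromtimestamp(float(msg["ts"]), tz=timezone.utc)
        age_days = (now - posted).days
        hits = [(tok, "classic", classic_checksum_ok(tok)) for tok in CLASSIC_RE.findall(msg["text"])]
        hits += [(tok, "fine-grained", None) for tok in FINE_GRAINED_RE.findall(msg["text"])]
        for tok, kind, checksum_ok in hits:
            findings.append({
                "channel": msg["channel"],
                "user": msg["user"],
                "posted": posted.date().isoformat(),
                "age_days": age_days,
                "stale": age_days > stale_after_days,
                "kind": kind,
                "checksum_ok": checksum_ok,
                "token_hint": tok[:8] + "..." + tok[-4:],  # never write the full token to a report
            })
    return findings


# --- constructed sample export (not real data, not real tokens) ---
_RANDOM_PART = "Qx7Tz9LmK2vP4sR8wB1nC6yH3eJ5uF"                  # 30 chars
CONSTRUCTED_TOKEN = "ghp_" + _RANDOM_PART + classic_checksum(_RANDOM_PART)
BOGUS_TOKEN = "ghp_" + "x" * 36                                    # right shape, wrong checksum
FINE_GRAINED_TOKEN = "github_pat_" + "11ABCDEFG0123456789abc" + "_" + "Z" * 59
NOW = datetime(2025, 8, 15, tzinfo=timezone.utc)

SAMPLE_MESSAGES = [
    {"channel": "eng-builds", "user": "U024BE7LH",
     "ts": str(datetime(2024, 7, 10, 14, 32, tzinfo=timezone.utc).timestamp()),
     "text": f"can someone test the release job with {CONSTRUCTED_TOKEN}? mine keeps failing"},
    {"channel": "random", "user": "U0G9QF9C6",
     "ts": str(datetime(2025, 8, 1, tzinfo=timezone.utc).timestamp()),
     "text": f"lol the docs example token is {BOGUS_TOKEN}"},
    {"channel": "eng-builds", "user": "U024BE7LH",
     "ts": str(datetime(2025, 8, 14, tzinfo=timezone.utc).timestamp()),
     "text": f"rotated, new one: {FINE_GRAINED_TOKEN}"},
]

if __name__ == "__main__":
    print(json.dumps(scan_export(SAMPLE_MESSAGES, NOW), indent=2))
```

A finding with `checksum_ok` true and an age in the hundreds of days is the one to test first; whether it is still live can only be settled against the API, and that test should be logged as part of the engagement, not run ad hoc from a laptop.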
The approach
Armed with a valid PAT, we explored the organization’s internal GitHub repositories. Our goal: escalate access without triggering alerts.
We identified a low-activity repository, something that wouldn’t draw attention if we started poking around. After cloning it locally, we created a branch using their standard naming conventions. Blend in. Move carefully. Stay invisible.
Then we reviewed the repository’s GitHub Actions workflow configuration.
That’s where things got interesting.
The exposure
GitHub Actions pipelines routinely handle sensitive credentials during builds. In this case, the workflows read Artifactory credentials, the keys to the organization's internal artifact repository, from repository secrets.
But GitHub has protections. Any value registered as a secret is automatically replaced with asterisks in the job log, to blunt exactly this kind of exfiltration.
So we built a new workflow. Innocuous. Low-profile. And we started experimenting.
The breakthrough
After several iterations, we found the bypass.
Double-Base64 encoding.
The runner's masker doesn't only redact the raw secret; it also redacts common encodings of it, including a single Base64 pass. Encode it twice, though, and the result is a string the masker has never registered. It passed straight through to the log, and the credential landed in our hands, intact.
We decoded it.
Username. Password. Full Artifactory configuration. All in cleartext.
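The mechanism above, modelled in code as an added example (this is not the runner's code and not the engagement's workflow): a reduced secret masker that redacts each secret plus its Base64 and URL-encoded forms, the three lines a run step would write before masking, and, for the defender, a scan that peels nested Base64 layers out of a job log and compares what comes out against the known secrets. The Artifactory values are constructed stand-ins.

```python
"""Why a double-Base64 step beats GitHub Actions log masking, and a scan that
recovers such leaks from the log.

Added example, not the runner's code and not from the engagement above. The
masker below is a reduced model: it redacts each registered secret and a few
encodings of it (the real runner registers several variants, including a single
Base64 pass, which is why one encoding is still redacted). Secrets and log
lines are constructed.
"""
import base64
import re
from urllib.parse import quote

# Constructed stand-ins for the Artifactory secrets a workflow would reference.
ARTIFACTORY_USER = "ci-deploy"
ARTIFACTORY_PASSWORD = "Art1f4ct0ry-P@ss-2024!"


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


class SecretMasker:
    """Redacts registered secrets in their raw, Base64 and URL-encoded forms."""

    def __init__(self, secrets):
        self.values = set()
        for s in secrets:
            self.values.update({s, b64(s), quote(s, safe="")})

    def mask(self, line: str) -> str:
        for value in sorted(self.values, key=len, reverse=True):
            line = line.replace(value, "***")
        return line


def simulated_step_output(secret: str):
    """Lines a run step such as
        printf '%s' "$ART_PASSWORD"
        printf '%s' "$ART_PASSWORD" | base64 -w0
        printf '%s' "$ART_PASSWORD" | base64 -w0 | base64 -w0
    would write to the job log before masking (produced here in Python)."""
    once = b64(secret)
    return [f"password: {secret}", f"once: {once}", f"twice: {b64(once)}"]


BASE64_TOKEN_RE = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{16,}={0,2})(?![A-Za-z0-9+/=])")


def peel_base64(token: str, max_depth: int = 4):
    """Yield (depth, text) for each nested Base64 layer that decodes to UTF-8."""
    current = token
    for depth in range(1, max_depth + 1):
        try:
            current = base64.b64decode(current, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            return
        yield depth, current


def find_leaked_secrets(log_lines, secrets, max_depth=4):
    """Return (line_index, depth) for every Base64-looking token in the log that,
    after `depth` decodings, contains a known secret."""
    leaks = []
    for idx, line in enumerate(log_lines):
        for token in BASE64_TOKEN_RE.findall(line):
            for depth, text in peel_base64(token, max_depth):
                if any(s in text for s in secrets):
                    leaks.append((idx, depth))
                    break
    return leaks


def run_demo():
    """Mask the step output as the runner would, then scan the masked log."""
    masker = SecretMasker([ARTIFACTORY_USER, ARTIFACTORY_PASSWORD])
    log = [masker.mask(line) for line in simulated_step_output(ARTIFACTORY_PASSWORD)]
    leaks = find_leaked_secrets(log, [ARTIFACTORY_USER, ARTIFACTORY_PASSWORD])
    return log, leaks


if __name__ == "__main__":
    log, leaks = run_demo()
    print("\n".join(log))
    print("leaks (line index, base64 depth):", leaks)
```

The first two lines come out as asterisks; the third survives, and the scan recovers the password from it two layers down. The real runner also registers byte-shifted Base64 variants, so a secret embedded partway through a Base64 blob is still caught; a second encoding pass produces a different string entirely, which is the whole trick. The point for defenders is that masking decides only whether a leak is readable in the web UI. Anyone who can push a workflow can read the secrets that workflow receives, so the controls that matter are who holds push rights, review of workflow changes, and scans like this one over logs and over `run:` steps that pipe secrets through encoders.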
The impact
With Artifactory credentials in hand, we had complete control over the organization’s software supply chain:
- Download proprietary artifacts: Steal internal tools, libraries, and intellectual property
- Replace or poison artifacts: Inject malicious code into dependencies used across the organization
- Compromise downstream systems: Any team pulling from Artifactory would be pulling our code
- Generate new API keys: Maintain persistent access even if the original credentials were rotated
A single exposed PAT escalated into full supply chain compromise.
But the real failure wasn't technical. GitHub's protections worked as designed: log masking is best-effort hygiene, not an access control. Whoever can push a workflow to a repository can read that repository's secrets, and the leaked PAT granted exactly that. Artifactory's credentials were properly scoped.
The failure was organizational:
- A credential posted in a public channel and never rotated
- No detection when a year-old token was actively used
- No monitoring for unusual GitHub Actions or artifact access patterns
- No enforcement of token expiration policies
One token. One year. One catastrophic supply chain risk.
What would an attacker find if they targeted you today?
Don’t wait for the attack that’s already in progress. Take control of your cybersecurity posture today with constant, targeted offensive security that outpaces your real adversaries.