Leaked GitHub PAT → org takeover → supply-chain push
A maintainer's PAT lands in a public Gist (or a Docker image layer). The token has repo + workflow scopes — push a malicious commit to a popular package, fire the auto-publish workflow.
§ Context
Assumed environment: target maintainer uses a classic PAT (rather than fine-grained) with broad scopes, no IP allow-list, and SSO not enforced for personal tokens. Repo runs an auto-publish workflow on push to main.
§ Steps
- 01 GET /user/repos → confirm reach (Discovery; T1087: Account Discovery)
- 02 Dork GitHub / Gist for ghp_ + ghu_ prefixes (Reconnaissance; W-RECON-GITHUB-DORK: GitHub / GitLab Dorking)
- 03 Auto-publish workflow ships malicious version (Initial Access; SUP-NPM-TYPOSQUAT: npm / PyPI / RubyGems Typosquat)
- 04 Downstream installs run the payload (Execution; SUP-INSTALL-SCRIPT: Malicious Install Script)
- 05 Push malicious commit to popular repo (Initial Access; SUP-PACKAGE-TAKEOVER: Package Maintainer Takeover)
- 06 Identify a maintainer PAT with broad scope (Credential Access; SAAS-GH-PAT-LEAK: GitHub Personal Access Token Leak)
§ References
- T1087: Account Discovery
§ Frequently asked
- What is the "Leaked GitHub PAT → org takeover → supply-chain push" attack path?
  A maintainer's PAT lands in a public Gist (or a Docker image layer). The token has repo + workflow scopes — push a malicious commit to a popular package, fire the auto-publish workflow. It chains 6 steps drawn from real-world offensive-security techniques.
- What starting position does this attack require?
  The first step is GET /user/repos → confirm reach (T1087) — a discovery primitive. Assumed environment: target maintainer uses a classic PAT (rather than fine-grained) with broad scopes, no IP allow-list, and SSO not enforced for personal tokens.
- What is the final impact of this kill-chain?
  The final step lands on Identify a maintainer PAT with broad scope (SAAS-GH-PAT-LEAK), which falls under Credential Access. From here, an operator typically pivots into post-exploitation or maintains persistence.
- How can defenders detect or prevent this attack?
  Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.
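One preventive control for the leak this path starts from, as an added example that is not part of the original page: a pre-publish scan that flags and redacts GitHub token-shaped strings in a file such as a Dockerfile, CI log or Gist draft. The sample input, the `[REDACTED]` marker and the 36-character minimum body length are assumptions of the example.

```python
import re
import sys

# Prefixes GitHub documents for its tokens; the page names ghp_ and ghu_.
KINDS = {
    "ghp": "personal access token (classic)",
    "gho": "OAuth access token",
    "ghu": "GitHub App user-to-server token",
    "ghs": "GitHub App server-to-server token",
    "ghr": "GitHub App refresh token",
    "github_pat": "fine-grained personal access token",
}
# Assumption: a token body is at least 36 characters, with no upper bound.
TOKEN_RE = re.compile(
    r"\b(?:(gh[pousr])_[A-Za-z0-9]{36,}|(github_pat)_[A-Za-z0-9_]{36,})\b"
)

def find_tokens(text):
    """Return (line_number, kind, redacted_token) for each token-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            prefix = m.group(1) or m.group(2)
            hits.append((lineno, KINDS[prefix], prefix + "_[REDACTED]"))
    return hits

def scrub(text):
    """Replace every token body so the text is safe to publish or log."""
    return TOKEN_RE.sub(lambda m: (m.group(1) or m.group(2)) + "_[REDACTED]", text)

# Constructed sample input: fake tokens assembled at runtime, not real credentials.
FAKE_PAT = "ghp_" + "0123456789abcdefghijklmnopqrstuvwxyz"
FAKE_U2S = "ghu_" + "Z" * 36
SAMPLE = "\n".join([
    "FROM node:20",
    f"ENV GITHUB_TOKEN={FAKE_PAT}",
    "RUN npm ci",
    f'RUN curl -H "Authorization: Bearer {FAKE_U2S}" https://api.github.com/user',
    "# ghp_example is a placeholder; commit 3f2a9c1 is unaffected",
])

if __name__ == "__main__":
    # Scan files named on the command line, or the sample; a non-zero exit blocks publishing.
    texts = [open(p, errors="replace").read() for p in sys.argv[1:]] or [SAMPLE]
    found = [hit for t in texts for hit in find_tokens(t)]
    for lineno, kind, red in found:
        print(f"line {lineno}: {kind}: {red}")
    sys.exit(1 if found else 0)
```

A token found this way should be revoked, not just removed from the file, since image layers, Gist revisions and CI logs keep earlier copies.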
§ Related dossiers
- Stolen credentials → no-MFA Snowflake → mass tenant exfil (2024)
  Shared techniques: 2
  Infostealer logs from third-party machines yielded credentials for many Snowflake tenants. Tenants without enforced MFA / IP allow-lists were directly queried; dozens of customer data sets exfiltrated.
- Slack token in CI log → DM history → vendor mailbox compromise
  Shared techniques: 2
  A CI run echoed a Slack xoxb-/xoxp- token. Use it to read DMs, harvest password-reset links and vendor invitations, pivot into the corporate mailbox.
- Compromised extension auto-update → fleet compromise
  Shared techniques: 2
  Take over a popular extension's developer account (credential stuffing on the store, abandoned email domain). Push a malicious version — every existing install runs attacker code on next launch.
- Secret echoed to public build log → cloud takeover
  Shared techniques: 2
  A workflow accidentally runs `env` or `set -x` during debugging — the AWS access key is now in public CI logs and indexed by Google Cache / GitHub search.
- npm typosquat → developer workstation → corporate VPN
  Shared techniques: 2
  Publish a typosquat npm package; the developer's `npm install` runs the postinstall script, exfils SSH keys + VPN profile, then connects to the corporate network.