~/security $

Adnan Khan

Security Engineer & Researcher

I'm a Security Engineer and Researcher, and this is my website and research blog! I work as a Security Engineer full time for a large company, but I also do some research in my spare time. I'm particularly interested in security risks that impact developers and systems used by developers.

GitHub X About Me

Copilot or Coconspirator - Tricking GitHub Copilot and Stealing all Your Secrets

Jan 7, 2026

cicd bugbounty

Who's SHA is it Anyway: Bypassing Google Cloud Build Comment Control for $30,000

Jul 21, 2025

bug-bounty cicd github

Watch your Dispatch: Race Condition in Dependabot Core CI

May 2, 2025

cicd githubactions security

(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe''s Frontend

Feb 27, 2025

cicd githubactions security

Cacheract: The Monster in your Build Cache

In this post, I demonstrate Cacheract, which is an open source proof-of-concept for 'Cache Native Malware' that exploits GitHub Actions cache misconfigurations.

Dec 22, 2024

bugbounty cicd githubactions

Release-Drafter To google/accompanist Compromise: VRP Writeup

Nov 12, 2024