Roi Nisimi

Security Researcher at Orca Security

Roi Nisimi is a Principal Security Researcher at Orca Security with over a decade of experience in vulnerability research and offensive cybersecurity. He honed his skills during six years of service in the Intelligence Corps of the IDF, where he achieved the rank of Lieutenant before moving on to roles at the Israeli Ministry of Defense. At Orca, Roi drives research that directly strengthens the company’s cloud security platform, contributing to design, development, and customer success. His expertise lies in uncovering and mitigating critical vulnerabilities across cloud environments, CI/CD pipelines, and the Kubernetes ecosystem.

Agenda Talks


DevOps Con

16:15 to 16:45
06 Nov 2025

Forked and Owned: Taking Over GitHub Repositories via a single Pull Request

pull_request_target is a high-risk GitHub Actions trigger that causes the workflow to be executed in the context of the base repository. This means that secrets are automatically embedded into the GitHub runners, and the auto-generated GitHub token is often permissive.