From Live Exploitation to Zero-Day Discovery: Investigating Attacks on Gogs


| Live Webinar | February 12, 2026 | 2:00 pm ET |

A single infected server led us into a much larger story. While investigating suspicious repositories on exposed Gogs Git servers, we uncovered signs of active exploitation: commands hidden inside repository configurations, payloads fetching remote shells, and infrastructure linked to a custom-packed Supershell C2. What at first looked like an opportunistic abuse of a known bug turned out to be something more: an unpatched zero-day vulnerability, already being leveraged in the wild.

While an older RCE was known, the affected systems matched a yet-unknown exploit chain. This mismatch was the first clue that attackers were using a new vulnerability, rather than simply reusing a patched one.

In this talk, we will retrace that investigation. Starting from live exploitation artifacts, we will show how we correlated repositories across multiple tenants, fingerprinted vulnerable internet-facing servers, and pieced together the attack chain. Our scans revealed over 700 compromised Gogs instances worldwide, with dozens already updated yet still showing signs of compromise. The evidence demonstrated that attackers had a working exploit before disclosure.

We will close with lessons learned for defenders. These include how to detect malicious repository abuse in developer platforms, techniques for hunting zero-days from threat intelligence leads, and what this case study means for the broader risk landscape of self-hosted developer tools.

Speakers:

Steve Paul
Moderator, Black Hat

Yaara Shriki
Threat Researcher, Wiz

Yaara Shriki is a Threat Researcher at Wiz, specializing in emerging threats in cloud environments and researching new attack vectors. She explores novel ways to integrate ML and NLP into her security work. Yaara is currently pursuing an MSc in Computer Science at Tel Aviv University. She previously worked as a security researcher at Aqua Security and Checkpoint.

Lee Sult
Chief Investigator, Binalyze

Lee Sult is a digital forensics and incident response (DFIR) investigator specializing in malware analysis and network intrusion investigations. With experience leading complex cases across Fortune 500 organizations and government agencies, Lee brings practical, fielded insights on how attackers exploit forensic blind spots to evade detection.

Lee understands the pressures CISOs face during incidents—moving fast while building defensible conclusions, explaining technical findings to leadership, and working with incomplete evidence. His presentations cut through theory to focus on what actually works in the field: investigation prioritization, critical forensic artifacts, and where adversaries commonly hide.

As a practitioner who has led criminal intrusion investigations and briefed senior leadership during critical incidents, Lee translates complex forensic concepts into actionable intelligence for both technical teams and business stakeholders.

Gili Tikochinski
Malware Researcher, Wiz

Gili Tikochinski is a part of Wiz's Attack Vector Intel team, focusing on malware detection and threat hunting. With over seven years in cyber research within the IDF and defense contractors, he has expertise in hardware research, reverse engineering, and building large-scale cybersecurity tools.

 


Offered Free by: Binalyze