Alexandros Kapravelos
Co-authored papers
2024
- On SMS Phishing Tactics and Infrastructure
Proceedings of the IEEE Symposium on Security and Privacy
Aleksandr Nahapetyan, Sathvik Prasad, Kevin Childs, Adam Oest, Yeganeh Ladwig, Alexandros Kapravelos, and Bradley Reaves
67,991 SMS phishing messages were linked to over 600 distinct operations that reuse cloud infrastructure and phishing kits; monitoring certificate transparency logs offers early-warning potential.
2023
- ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
Proceedings of the USENIX Security Symposium
Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, and Aravind Machiry
ARGUS is the first static taint analysis of GitHub Actions, and it discovered code injection vulnerabilities in 4,307 workflows and 80 Actions.
2022
- Characterizing the Security of GitHub CI Workflows
Proceedings of the USENIX Security Symposium
Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, and Aravind Machiry
99.8% of 447,238 GitHub CI workflows are overprivileged and 97% of repositories execute Actions from unverified creators, exposing systemic supply chain attack vectors.