GitHub Security Lab

@GHSecurityLab

Followers: 26,044 · Following: 15 · Media: 208 · Statuses: 1,373

GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

Joined October 2019
Pinned Tweet
@GHSecurityLab
GitHub Security Lab
5 months
Why does GitHub Security Lab do research like @mmolgtm’s recent work on bypassing MTE on the Pixel 8? This question was asked on Hacker News and we think it’s worth a short thread.
3
12
53
@GHSecurityLab
GitHub Security Lab
3 years
Do you want to learn how to find vulnerabilities in Google Chrome? @Nosoynadiemas just released the last exercise of Fuzzing101!
0
146
416
@GHSecurityLab
GitHub Security Lab
5 years
Hi 👋 we are the GitHub Security Lab. Find more information about us here:
29
125
350
@GHSecurityLab
GitHub Security Lab
3 years
Learn how to fuzz Adobe Reader and find bugs in closed-source applications in exercise 8 of Fuzzing 101:
0
107
330
@GHSecurityLab
GitHub Security Lab
3 years
Do you want to learn how to fuzz an interactive application like GIMP using Persistent Fuzzing? Our wizard of fuzz @Nosoynadiemas just published exercise 6 of Fuzzing101!
3
102
316
@GHSecurityLab
GitHub Security Lab
3 years
Go on an RCE hunting journey with @pwntester as he demonstrates how he used CodeQL to find multiple RCE vulnerabilities in Apache Dubbo: "All roads lead to RCE"
2
83
281
@GHSecurityLab
GitHub Security Lab
3 years
"Exploits are really the closest thing to magic spells we have in this world" according to Halvar Flake. @kevin_backhouse demystifies an exploit of a double-free vulnerability in Ubuntu
1
61
255
@GHSecurityLab
GitHub Security Lab
4 years
Continuing our series analyzing recent CVEs, with a remote code execution on Exchange servers. Read @pwntester's "CVE-2020-0688 Losing the keys to your kingdom"
3
98
253
@GHSecurityLab
GitHub Security Lab
4 years
The first CodeQL online course is now available for free on GitHub Learning Lab! This course invites CodeQL beginners to follow in the footsteps of our security research team and find real vulns in Das U-Boot (patched since). Join other CodeQL learners:
3
80
242
@GHSecurityLab
GitHub Security Lab
4 years
Learn all about how to fuzz network services in this practical case study by @nosoynadiemas in which he fuzzes 3 of the most popular Open Source FTP servers!
0
81
236
@GHSecurityLab
GitHub Security Lab
3 years
Go dumpster diving for arbitrary code execution in v8's garbage collector with @mmolgtm in his Chrome vulnerability RCA for CVE-2021-37975
0
96
224
@GHSecurityLab
GitHub Security Lab
4 years
Looking for a vulnerability hunting challenge? Then this Java CTF challenge is for you! You will hone your bug finding skills to find a pre-auth RCE and also learn all about CodeQL's taint tracking features.
1
71
200
@GHSecurityLab
GitHub Security Lab
4 years
Bugfix and chill! @pwntester reported 2 Server-Side Template Injections in Netflix open source libraries, enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vuln: First one in Netflix Conductor
1
84
200
@GHSecurityLab
GitHub Security Lab
2 years
In this post @mmolgtm goes through the details of CVE-2022-1134, a type confusion in Chrome, and shows how to gain remote code execution in the Chrome renderer using this bug.
2
87
196
@GHSecurityLab
GitHub Security Lab
4 years
Read how @kevin_backhouse gets root access on Ubuntu 20.04 by pretending nobody’s /home #LPE
4
75
192
@GHSecurityLab
GitHub Security Lab
3 years
Curious how the recently patched Chrome 0days (CVE-2021-30632, CVE-2021-30633) affected you? @mmolgtm explores the fascinating intricacies of exploiting optimized property access based type confusions in Chrome's v8 JIT
2
77
188
@GHSecurityLab
GitHub Security Lab
3 years
The Qihoo 360 Alpha Lab presented a great example of how #CodeQL driven variant analysis can be used to hunt for 0day in Chrome and amplify your security research results at Black Hat 2021:
0
62
186
@GHSecurityLab
GitHub Security Lab
4 years
Sometimes the beans you plant grow into RCE! Read all about Java exploit gardening in @pwntester's new post
2
62
183
@GHSecurityLab
GitHub Security Lab
3 years
Happy new year fuzzing learners! In the new episode of @Nosoynadiemas's Fuzzing101 you will learn how to fuzz Windows applications
2
49
164
@GHSecurityLab
GitHub Security Lab
3 years
Learn how to take aim at HTTP attack surfaces in @Nosoynadiemas's series on fuzzing the Apache Web Server
3
44
140
@GHSecurityLab
GitHub Security Lab
5 years
Learn how our security researcher @agustingianni is hunting bugs in rsyslog with CodeQL:
1
41
132
@GHSecurityLab
GitHub Security Lab
3 years
Dive into the exploitation of a Chrome WebAudio UAF in this third and final installment of @mmolgtm's Full Chain series
0
51
134
@GHSecurityLab
GitHub Security Lab
4 years
A glibc heap exploitation tutorial, using a heap buffer overflow in SANE Backends as an example, by @kevin_backhouse
0
46
133
@GHSecurityLab
GitHub Security Lab
5 years
If you don't learn from past CVEs you are doomed to repeat the same mistakes. @pwntester starts a new series of articles deconstructing CVEs. Let's start with an RFD in the Spring framework.
0
52
128
@GHSecurityLab
GitHub Security Lab
2 years
NEW Security Feature: 🎉 PRIVATE VULNERABILITY REPORTING 🎉
7
34
118
@GHSecurityLab
GitHub Security Lab
1 year
Want to learn software security and have fun doing it? 🎉 🔒 Check out Secure Code Game - a FREE, hands-on training simulating what you do on a daily basis. Start playing now at 🎮 Read more at
0
37
119
@GHSecurityLab
GitHub Security Lab
4 years
Learn all the tricks @nosoynadiemas used to fuzz twelve vulnerabilities out of FreeRDP in the second instalment of his Fuzzing with Sockets series!
1
45
117
@GHSecurityLab
GitHub Security Lab
4 years
ICYMI: Fuzzing sockets with AFL++:
1
38
120
@GHSecurityLab
GitHub Security Lab
1 year
How do static analysis tools detect vulnerabilities in software? Learn more about the fundamentals of static analysis and security research, and challenge yourself with exercises in the first part of CodeQL Zero to Hero series by @BlazingWindSec
5
32
118
@GHSecurityLab
GitHub Security Lab
2 years
In this post, "Corrupting memory without memory corruption", @mmolgtm shows how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app.
1
45
117
@GHSecurityLab
GitHub Security Lab
4 years
GHSL-2020-009: UAF leads to RCE in ProFTPD - CVE-2020-9273
1
53
114
@GHSecurityLab
GitHub Security Lab
2 years
In this blog post @mmolgtm shows how to bypass various modern mitigations implemented in the Android kernel and exploit CVE-2022-22057 to gain root from a malicious Android app.
2
36
110
@GHSecurityLab
GitHub Security Lab
1 year
Unravel some hidden vulnerabilities in mTLS systems with @artsploit. As presented at @BlackHatEvents and @defcon this year, the research is now available in our blog.
2
47
112
@GHSecurityLab
GitHub Security Lab
4 years
Dive even deeper down the fuzzing rabbit hole with part 2 of @nosoynadiemas's advanced fuzzing series!
0
37
114
@GHSecurityLab
GitHub Security Lab
4 months
🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA.
2
31
109
@GHSecurityLab
GitHub Security Lab
5 years
0
18
108
@GHSecurityLab
GitHub Security Lab
4 years
We paid a $4,000 bounty to @JLLeitschuh, for his amazing bug slayer submission. He not only reported 1,597 bugs, but also sent the PRs to fix them. That's what we call open source security at scale!
2
10
108
@GHSecurityLab
GitHub Security Lab
3 years
GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824
0
45
105
@GHSecurityLab
GitHub Security Lab
3 years
Take your next step down the fuzzy brick road to become a Wizard of Fuzz with @nosoynadiemas's Fuzzing 101 Exercise #2
1
22
102
@GHSecurityLab
GitHub Security Lab
4 years
GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530
1
33
96
@GHSecurityLab
GitHub Security Lab
4 years
Curious how @mmolgtm managed to actually exploit that Chrome WebAudio Use After Free he found back in March? 🎃 Mo shares his tricks and treats us with his latest post on Chrome UAF exploitation 👻
0
26
100
@GHSecurityLab
GitHub Security Lab
5 years
Awesome CodeQL query from @ggolawski that detects many variants of LDAP Injections in Java: Plain Java JNDI, UnboundID, Spring LDAP and Apache LDAP API. We are pleased to award him our maximum bounty reward of $3,000
4
29
95
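The awarded query itself is not reproduced on this page. What follows is an added, simplified CodeQL query of my own (not @ggolawski's submission and not code from GitHub Security Lab) showing the shape of such a detector: global taint tracking from remote input to the filter argument of a JNDI `DirContext.search` call. It is the same taint-tracking machinery the Java CTF tweet above points at. It covers only plain JNDI, not the UnboundID, Spring LDAP or Apache LDAP API variants, and it assumes the current module-based CodeQL Java library API (`DataFlow::ConfigSig`, `TaintTracking::Global`); the query id and the class and module names are my own.

```ql
/**
 * @name LDAP injection through a JNDI search filter (illustrative)
 * @description A `DirContext.search` filter string is built from untrusted input,
 *              letting an attacker alter the meaning of the LDAP query.
 * @kind path-problem
 * @problem.severity error
 * @id example/jndi-ldap-injection
 * @tags security
 */

import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking

/**
 * The filter-string argument of `javax.naming.directory.DirContext.search(...)`.
 * Only the overloads whose second parameter is a `String` filter are sinks
 * (`search(Name|String, String filter, SearchControls)` and the `filterExpr`
 * variants); the `Attributes`-based overloads are not matched.
 * Calls through `InitialDirContext` resolve via `getASourceSupertype*()`.
 */
class JndiSearchFilterSink extends DataFlow::Node {
  JndiSearchFilterSink() {
    exists(MethodCall call, Method m |
      call.getMethod() = m and
      m.hasName("search") and
      m.getDeclaringType()
          .getASourceSupertype*()
          .hasQualifiedName("javax.naming.directory", "DirContext") and
      m.getParameterType(1) instanceof TypeString and
      this.asExpr() = call.getArgument(1)
    )
  }
}

/** Taint configuration: any remote flow source reaching a filter-string sink. */
module JndiLdapInjectionConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof JndiSearchFilterSink }
}

module JndiLdapInjectionFlow = TaintTracking::Global<JndiLdapInjectionConfig>;

import JndiLdapInjectionFlow::PathGraph

from JndiLdapInjectionFlow::PathNode source, JndiLdapInjectionFlow::PathNode sink
where JndiLdapInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "LDAP search filter depends on a $@.", source.getNode(), "user-provided value"
```

Run it against a CodeQL database of a Java project with `codeql database analyze <db> <path-to-query>.ql --format=sarif-latest --output=results.sarif`. A production-quality query would add the other three libraries as sinks and an `isBarrier` predicate for the escaping helpers those libraries provide, so that properly encoded filter values do not show up as findings.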
@GHSecurityLab
GitHub Security Lab
4 years
{} yourselves, our 4th CTF (in Java) is coming!
0
11
92
@GHSecurityLab
GitHub Security Lab
3 years
Put your GitHub Actions skills to the test and learn about workflow security considerations. Our Capture the Flag (CTF) starts this Wednesday 🏴
0
24
95
@GHSecurityLab
GitHub Security Lab
5 years
Check out @Nosoynadiemas' tips on Fuzzing, to overcome known challenges and maximize results:
0
46
93
@GHSecurityLab
GitHub Security Lab
1 year
Fixing ReDoS vulnerabilities can be tricky, but fear not - we've got a 4-step process that'll save the day. Check out our latest blog below.
3
33
90
@GHSecurityLab
GitHub Security Lab
4 years
Join @oxfordmaths and @nicowaisman for LiveQL, an unscripted live auditing session, as they cover some methods of finding non-intuitive string manipulation vulnerabilities in C code on tomorrow's Security Live Stream!
2
26
89
@GHSecurityLab
GitHub Security Lab
4 years
2
12
90
@GHSecurityLab
GitHub Security Lab
2 years
Being transparent about potential security vulnerabilities helps increase trust in your project. We believe it's much better to request a CVE and publish a security advisory than to stay silent and hope for the best, even for low severity vulnerabilities.
3
42
86
@GHSecurityLab
GitHub Security Lab
1 year
Get root privileges on an Android phone! Learn how @mmolgtm discovered CVE-2022-46395 in the Arm Mali kernel driver via root cause analysis of a Project Zero bug and then used it to get root privileges!
0
24
87
@GHSecurityLab
GitHub Security Lab
3 years
Follow @pwntester on another CodeQL adventure as he builds and iterates on top of prior community findings to find and fix additional vulnerabilities in NSA's Emissary software: "Don't shoot the emissary"
0
39
88
@GHSecurityLab
GitHub Security Lab
2 years
We’re launching a series of office hours for open source maintainers! Do you need advice to secure your project’s code? Grab some time to chat with our team. Spots are limited and run until the end of April.
6
46
83
@GHSecurityLab
GitHub Security Lab
5 years
You have two weeks left to join our Capture the Flag contest and win a Nintendo Switch, or cool GitHub swag! Write a CodeQL query to find a specific class of DOM-based XSS vulnerabilities.
1
43
85
@GHSecurityLab
GitHub Security Lab
4 years
Can you #spotthebug in this code?
10
14
82
@GHSecurityLab
GitHub Security Lab
3 years
Learn how @mmolgtm dug his way out of the Chrome sandbox using a credit card as a shovel! "The fugitive in Java: Escaping to Java to escape the Chrome sandbox"
1
37
81
@GHSecurityLab
GitHub Security Lab
4 years
ICYMI @mmolgtm explains how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome, and achieve a sandboxed RCE. Read also how he used #CodeQL to accelerate his code audit
0
29
77
@GHSecurityLab
GitHub Security Lab
3 years
If you’re out of popcorn you’re in luck because @mmolgtm popped some fresh Android kernels for you to enjoy! "One day short of a full chain: Part 1 - Android Kernel arbitrary code execution"
0
35
77
@GHSecurityLab
GitHub Security Lab
5 years
Assert yourself on the browser playground with @mmolgtm’s guide to hunting Chrome IPC sandbox escapes:
0
37
75
@GHSecurityLab
GitHub Security Lab
4 years
Securing the fight against COVID-19 through open source software, by @pwntester
1
18
74
@GHSecurityLab
GitHub Security Lab
4 years
Can you #spotthebug in this code?
12
12
72
@GHSecurityLab
GitHub Security Lab
7 months
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions! 🎮🔐
2
18
73
@GHSecurityLab
GitHub Security Lab
4 years
It’s amazing what you can find for free in the garbage sometimes! Read @mmolgtm’s research into how Chrome’s garbage collector can be used to trigger UAF
0
25
73
@GHSecurityLab
GitHub Security Lab
5 years
We would like to welcome our newest Security Lab members: Bas @basalberts and Hauwa @HauwaOtori!
8
11
72
@GHSecurityLab
GitHub Security Lab
7 months
The 2nd season of Secure Code Game has arrived! 🎉 🎮 Play at
2
21
66
@GHSecurityLab
GitHub Security Lab
1 year
Learn more about how developers and administrators can secure their assets through the use of SELinux in this introduction to SELinux by Kevin Stubbings!
0
29
65
@GHSecurityLab
GitHub Security Lab
4 years
"Our goal is for every CVE in OSS that gets found that could be generalized, we create a CodeQL query that will cover that. Instead of manually fixing bugs one at a time, we can eradicate whole categories of vulnerabilities across software" @natfriedman
2
21
68
@GHSecurityLab
GitHub Security Lab
5 years
Can't Grep This! The slides of @agustingianni's workshop at @offensive_con are available at
0
25
65
@GHSecurityLab
GitHub Security Lab
3 years
Having a hard time remembering where you put those Apache bugs? Join @Nosoynadiemas as he builds custom ASAN interceptors for memory bugs in Part 2 of "Fuzzing sockets: Apache HTTP"
0
20
64
@GHSecurityLab
GitHub Security Lab
3 years
"Fuzz Apache HTTP server for fun (and CVEs)" with @nosoynadiemas at @hackinparis starts in 15 min - 10am Paris time (GMT+1)
0
22
63
@GHSecurityLab
GitHub Security Lab
4 years
Take a deep dive into command injection vulns with @mdisec's talk at the GitHub Security meetup. Tune in Wednesday July 15, 2020, at 5pm CET (Central Europe) - 8am PDT (Pacific Time)
0
12
64
@GHSecurityLab
GitHub Security Lab
1 year
In his latest post, @mmolgtm sheds light on a patching problem in Pixel 6 (GHSL-2023-005) that can leave your device vulnerable to a variant of CVE-2022-38181, enabling malicious apps to gain root access. Read 👉
1
25
60
@GHSecurityLab
GitHub Security Lab
3 years
If you write a nice CodeQL query and propose it to the open source community, you can get not one, but TWO bounty rewards from the Security Lab. We're making changes to the Bug Slayer bug bounty program:
0
10
62
@GHSecurityLab
GitHub Security Lab
4 years
Join us for the very first episode of LiveQL! An interactive CodeQL-driven security research session featuring @nicowaisman and @oxfordmaths on Tuesday July 7th, 11am PDT.
1
22
62
@GHSecurityLab
GitHub Security Lab
3 years
Your challenge, should you choose to accept it, is to elevate your privileges from read-only to full write access on a designated game repository and claim your victory! Ready?
1
30
62
@GHSecurityLab
GitHub Security Lab
5 years
Congrats to our CTF winners! 1st place goes to @paraschetal, with an impressive query, with tests and exploits! 2nd place goes to @Kachakil, who took the time to give very detailed explanations. Well done guys! Hope you had fun! Solutions are coming soon
1
9
60
@GHSecurityLab
GitHub Security Lab
5 years
ICYMI: We're running a CTF until December 31st. Write a CodeQL query to find a specific class of DOM-based XSS vulns. The 2 best submissions will win Nintendo Switches, and 10 additional entries will receive coupons that can be used for GitHub Swag.
1
19
58