GitHub Security Lab @GHSecurityLab
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on. securitylab.github.com. Joined October 2019.
Tweets 1K · Followers 26K · Following 15 · Likes 188
🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA. github.blog/2024-04-29-cod…
Hey, security folks! Want to help us secure the world's software and share your security expertise at #GitHubUniverse? Apply to be a speaker!
🤖🔐 Can We Trust AI-Generated Code? 🔐🤖 We're diving into AI's role in development with @jkcso from @github Security Lab! 🚀 🤖 Is AI-generated code safe for production? 🔍 Importance of thorough code reviews. ✅ Best security practices. #AISecurity #GitHubCopilot
Uh-oh 😱 Seems like the RCE issues we reported in OpenMetadata are being exploited in the wild! 🔥 If you haven't patched your instances to v1.2.4, please do it now! thehackernews.com/2024/04/hacker…
GHSL-2024-033: Server-Side Request Forgery (SSRF) in open-webui - CVE-2024-30256 securitylab.github.com/advisories/GHS…
GHSL-2024-019_GHSL-2024-024: Multiple command injections and path injections in Kohya_ss - CVE-2024-32022, CVE-2024-32026, CVE-2024-32025, CVE-2024-32027, CVE-2024-32024, CVE-2024-32023 securitylab.github.com/advisories/GHS…
GHSL-2023-257: Server-Side Request Forgery (SSRF) in Plane - CVE-2024-31461 securitylab.github.com/advisories/GHS…
GHSL-2023-250: Unauthenticated limited file write in DocsGPT - CVE-2024-31451 securitylab.github.com/advisories/GHS…
GHSL-2023-253: Cross-Site Scripting (XSS) in openrasp - CVE-2024-29183. This could allow an unauthenticated attacker to gain the session of users. securitylab.github.com/advisories/GHS…
GHSL-2023-154_GHSL-2023-156: Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) in memos API - CVE-2024-29028, CVE-2024-29029, CVE-2024-29030. These could lead to privilege escalation and information disclosure. securitylab.github.com/advisories/GHS…
GHSL-2024-010: Limited file write in Stable-diffusion-webui - CVE-2024-31462 securitylab.github.com/advisories/GHS…
GHSL-2023-277: Arbitrary File Deletion (AFD) in Owncast - CVE-2024-31450 securitylab.github.com/advisories/GHS…
GHSL-2023-225, GHSL-2023-226, GHSL-2023-227, and GHSL-2023-228: Server-Side Request Forgery (SSRF) and Denial of Service (DoS) in Mealie - CVE-2024-31991, CVE-2024-31992, CVE-2024-31993, CVE-2024-31994 securitylab.github.com/advisories/GHS…
Level up your security game on GitHub with seamless security research! Discover code scanning, CVE management, and more within GitHub's ecosystem. Check out this insightful blog post now! 🔒 #GitHub #SecurityResearch #CodeScanning #CVEManagement github.blog/2024-04-03-sec…
GHSL-2023-015: Unsafe deserialization in Apache Submarine - CVE-2023-46302 securitylab.github.com/advisories/GHS…
GHSL-2023-205_GHSL-2023-206: Cross-site scripting (XSS) and arbitrary command execution vulnerability in go2rtc - CVE-2024-29191, CVE-2024-29192, CVE-2024-29193 securitylab.github.com/advisories/GHS…
Grab these cool @GHSecurityLab stickers at #nullconberlin
From Code Suggestions to Security x.com/i/broadcasts/1…
This is the second part of 'CodeQL Zero to Merge', a step-by-step guide on writing Ruby Server-Side Template Injection and Ruby JWT Security Queries, both submitted to @GHSecurityLab bounty program. maikypedia.gitlab.io/posts/codeql-z…
Learn how I used #CodeQL to find insecure TrustManagers and disabled hostname verification in #java and getting 5 CVEs. The most serious CVE is in platform/ballerina-lang which could have been used for RCE or supply-chain attacks by a MiTM attacker 🤯 intrigus.org/research/2023/…
Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️ github.blog/2023-11-30-sec… #CodeReview
Another fun preso from last night’s @github SF meetup was by @XCorail from @GHSecurityLab Make vegetables (and security) delicious!
We'll also run a week-long mini CTF where you can try your luck against a few insecure workflows and win vouchers for the GitHub Shop (up to $100 for first place), kindly sponsored by @GHSecurityLab. (Slides will be provided afterwards, so you don't have to physically be there.)
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-get…
Looking to level up your security skills? 👀 Join us for Open Source Friday as @jkcso shows us how this game can sharpen security skills and protect applications. Live today at 1pm ET on twitch.tv/github! RSVP: gh.io/osf-secure
We would also like to thank our prize sponsor: @GHSecurityLab - their mission is to inspire and enable the community to secure the open source software we all depend on. securitylab.github.com
The CTF will be jeopardy-style with challenges from all major categories such as crypto, pwn, rev, web, misc and more exotic ones like insecure GitHub Actions as well. We also have a special challenge by @Nosoynadiemas! Prizes: 1st: $500 2nd: $300 3rd: $200 Writeups: $1.5k in sum
return(GiS); | How to fix the error "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled" in GHAS | returngis.net/2023/05/como-s… #github #ghas @GHSecurityLab
“Quick and painless” and “a massive step forward.” See why maintainers are enabling private vulnerability reporting on their open source repos. github.blog/2023-04-19-pri…
This is an excellent writeup by Sylwia Budzynska on the fundamentals of static analysis, especially the practical graph theory background of the tools. It's important to understand how they work! github.blog/2023-03-31-cod…
On March 13, we officially begin rolling out our requirement for all developers who contribute code on GitHub.com to enable 2FA by the end of 2023 ✨ Learn about the process & how you can help secure the software supply chain with 2FA: github.blog/2023-03-09-rai…
Open source software is software that anyone can use, modify, & distribute. And there are certain security risks you should know about. In this OSS security handbook @SonyaMoisset shares common vulnerabilities and the best ways to protect your projects. freecodecamp.org/news/oss-secur…
⭐ #Panel alert! 💻 Finding methods to make #security easy for developers + removing the disconnect 🧑💻🧮+🛡️ 💡 Meet our panel for an insightful session: Xavier René-Corail, Marie Theresa Brosig, Santosh Yadav ✅ For more updates ➡️ bit.ly/3wbN9Au #NullconDE2023 #infosec
Next post is out covering getting started with and learning CodeQL goingbeyondgrep.com/posts/learning…. One for Semgrep is coming next