Had a ton of fun working on this audit together with the @GitHubSecurityLab folks. Long post but definitely worth reading!
https://github.blog/2023-11-30-securing-our-home-labs-home-assistant-code-review/
In an unexpected turn of events, I'll be running the workshop "CodeQL tailoring: one size does not always fit all" tomorrow at GreHack, in Grenoble, France.
Ping me if you're attending the conference and want to meet!
It was great to learn that, as part of GitHub Security Lab's efforts to secure OSS projects, we were auditing @homeassistant roughly at the same time as Cure53, without knowing it!
https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/
Finding Vulnerabilities with MRVA CodeQL
Index: What is MRVA? / MRVA vs CodeQL suites / How to set up MRVA / Download the CodeQL extension in VSCode / Configure our GitHub controller / Code Search tools / Fishing with MRVA 🎣 / Server Side Template Injection (Ruby) / Unsafe Deserialization (Python)
1. What is MRVA? Everyone knows the power of CodeQL: analyzing a repository with a single click. With MRVA, security researchers have a new way to perform security research across GitHub.
Where I'll demonstrate some typical Ruby on Rails gotchas on a real project:
https://github.blog/2023-07-28-closing-vulnerabilities-in-decidim-a-ruby-based-citizen-participation-platform/
A.) Why you shouldn't feed user-submitted content to link_to (CVE-2023-32693).
B.) Why you shouldn't match strings with ^ and $ when using Regex
C.) ??? (CVE-2023-34090)
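As an added example for gotcha B (my own illustration, not code from the Decidim post or the GitHub Security Lab write-up): in Ruby, ^ and $ are line anchors, so a value containing a newline can slip an unexpected first line past a check that looks anchored. The two regexes and the sample inputs below are constructed for the demonstration.

```ruby
# Added example: ^ / $ versus \A / \z when validating a single-line value in Ruby.
# In Ruby, ^ and $ match at the start and end of ANY line inside the string,
# while \A and \z match only at the start and the very end of the whole string.

# Loose check: looks anchored, but ^ and $ are line anchors.
LOOSE_HTTP_URL  = /^https?:\/\/[\w.\/-]+$/
# Strict check: \A and \z pin the match to the entire string.
STRICT_HTTP_URL = /\Ahttps?:\/\/[\w.\/-]+\z/

def allowed_url_loose?(value)
  LOOSE_HTTP_URL.match?(value)
end

def allowed_url_strict?(value)
  STRICT_HTTP_URL.match?(value)
end

# Returns [loose_result, strict_result] so both checks can be compared side by side.
def check(value)
  [allowed_url_loose?(value), allowed_url_strict?(value)]
end

# Constructed sample inputs with the results each check should produce.
# The second value carries an arbitrary first line that only the loose check accepts;
# the third differs from a valid URL only by a trailing newline.
SAMPLES = {
  "https://example.org/path"                    => [true,  true],
  "custom-scheme:anything\nhttps://example.org" => [true,  false],
  "https://example.org/path\n"                  => [true,  false],
  "ftp://example.org"                           => [false, false],
}.freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |value, expected|
    got = check(value)
    status = got == expected ? "ok" : "MISMATCH"
    puts "#{value.inspect.ljust(50)} loose=#{got[0]} strict=#{got[1]} #{status}"
  end
end
```

This is also why Rails' format validation raises an error for a regex using ^ or $ unless you explicitly pass multiline: true.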
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.
I enjoyed finding this vulnerability quite a lot, since it required really diving into the code to see what was happening! Also, quite a fast response from the maintainers, which is uncommon :)
https://securitylab.github.com/advisories/GHSL-2023-143_GHSL-2023-144_OpenAM/
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
By Sergi Martinez
Overview: It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache, namely the kmalloc-cg series of SLUB caches used for cgroups. This ...