Dave

@cydave@infosec.exchange
Security Engineer | Clicker of Links | Pusher of Buttons | Cat Dad
Twitter: https://twitter.com/_cydave
GitHub: https://github.com/cydave
✍️ https://0dave.ch/

Wrote about a funny little vulnerability in goreportcard I encountered just before publishing oauth-labs.

Give it a read if you have some time to kill :)

https://0dave.ch/posts/goreportcard/

#infosec #vulnerability #writeup

go report "a vulnerability" card

While publishing oauth-labs I stumbled upon a vulnerability in goreportcard

0dave

Quick http://ghmlwr.0dave.ch/ update:
I've included raw JSON data and an RSS feed (atom), check it out :)

(let me know if either of these two files is borked).

#github #malware #threatintel #update

ghmlwr | Suspects

It's Sunday. You are very bored, you want to make the world a better place and report malicious repositories on GitHub.

You can: https://ghmlwr.0dave.ch/

 

#github #malware #threatintel #security

So I've implemented the status check for the repositories (online vs. offline) over at https://ghmlwr.0dave.ch/. Any other ideas? :)

#threatintel #github #malware

Quick update to ghmlwr.0dave.ch, you can now see their online status! 

Wrote a short post on how ghmlwr.0dave.ch works. Nothing too crazy, but if you're interested, read on:

https://0dave.ch/posts/ghmlwr/

#malware #github #threatintel

@zate so I guess there are no updates regarding the vulns we handed over to your team? 

New day, new malware on GitHub :(

Looks like the stargazers have increased as well this fine Monday. Curious!

#malware #github

Malware on GitHub?!

If only there were bored people on the internet who would report those repositories. Wouldn't that be great.

https://ghmlwr.0dave.ch/

#malware #GitHub #security

Malware on GitHub?!
(yes, there's been malware on GitHub for quite some time now)

https://ghmlwr.0dave.ch/

#malware #GitHub #security

@cydave If only GitHub was managed by one of the biggest companies in the world, or by one which could be a leader in cybersec. They would have some money to spend on hiring people for this job or the technical knowledge to build a tool for tracking these repos. Oh, wait ...

Don't blame users for not doing the owner's job, when the owner has all the resources for doing it but doesn't want to.

@ck0 My thoughts exactly!
I even tried contacting GitHub through both email and discussions... but no dice 
@cydave nice! I noticed some 404s already, perhaps you could filter those out on a scheduled run?
@cyberderp I thought about implementing an "alive" or "dead" status indicator as well. I'll see what I can do :)
@cyberderp Just pushed an update to indicate the state, check it out :)