1.4K Followers · 122 Following · 37 Posts
Security Researcher with @GHSecurityLab. CPO (Chief Pwning Officer) at pwntester.com ;) CTF #int3pids. Opinions here are mine! vi/vim
Website: https://www.pwntester.com
GitHub: https://pwntester.github.io
Twitter: https://twitter.com/pwntester
Twittodon: https://twittodon.com/share.php?t=pwntester&[email protected]
GitHub: https://github.com/pwntester

If you're interested in the inner workings of unsafe deserialization in Ruby I got you covered with a blog post that explains in detail how a concrete gadget chain works:

https://github.blog/2024-06-20-execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/

From JSON to command execution!

I've also created a repository containing proof of concept exploits that work up to Ruby 3.3 for Oj (JSON), Ox (XML) and Psych (YAML):
https://github.com/GitHubSecurityLab/ruby-unsafe-deserialization

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.

The GitHub Blog
Discover the latest insights from our team’s audit on Home Assistant security! 🛡️ https://github.blog/2023-11-30-securing-our-home-labs-home-assistant-code-review/
#CodeReview
Securing our home labs: Home Assistant code review

The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here's what we found and what you can do to better protect your own smart home.

The GitHub Blog

... what matters most to us is our fix rate. When looking at the tens of thousands of reports in the GitHub Advisory Database, on average, 80% are fixed by maintainers. However, the fix rate for vulnerabilities the Security Lab reported is much higher: 96% of our reports end up with a fix.

https://github.blog/2023-09-21-the-github-security-labs-journey-to-disclosing-500-cves-in-open-source-projects/

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!

The GitHub Blog

@Kugg Disclaimer: I might be heavily biased (due to working at GitHub)

That being said: this is an example of an RCE I found simply by using a CodeQL default query (untrusted data flowing into a deserialization sink).

https://securitylab.github.com/advisories/GHSL-2022-069_CircuitVerse/

Additionally, we have a "CodeQL wall of fame" for vulnerabilities that were found with CodeQL:

https://securitylab.github.com/codeql-wall-of-fame/

GHSL-2022-069: Remote Code Execution (RCE) in CircuitVerse - CVE-2022-36038

A remote code execution (RCE) vulnerability in CircuitVerse allowed authenticated attackers to execute arbitrary code via specially crafted JSON payloads.

GitHub Security Lab
Phishing for vulnerabilities at scale is easy with CodeQL and MRVA. Learn more about MRVA from @maikypedia in his blog post https://maikypedia.gitlab.io/posts/finding-vulns-with-mrva-codeql/ Prefer the CLI? I got you covered https://github.com/GitHubSecurityLab/gh-mrva
Finding Vulnerabilities with MRVA CodeQL

Finding Vulnerabilities with MRVA CodeQL. INDEX: What is MRVA? · MRVA vs CodeQL suites · How to set up MRVA · Download the CodeQL extension in VSCode · Configure our GitHub controller · Code Search tools · Fishing with MRVA 🎣 · Server Side Template Injection (Ruby) · Unsafe Deserialization (Python). 1- What is MRVA? Everyone knows the power of CodeQL, analyzing a repository with a single click, but with MRVA security researchers have a new way to perform security research across GitHub.

Maikypedia
CodeQL zero to hero part 2: getting started with CodeQL | The GitHub Blog

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.

The GitHub Blog

I made a thing... or two. GitHub Actions permissions Monitor and Advisor: #GitHubActions #security

https://github.com/GitHubSecurityLab/actions-permissions

GitHub - GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions

GitHub token permissions Monitor and Advisor actions - GitHubSecurityLab/actions-permissions

GitHub
SecuriTree: A TreeSitter based Security Tool for Neovim

YouTube
New Video: tomorrow at 3pm BST. Find out about my new tool 'SecuriTree'. #AppSec #cybersecurity #DevSecOps #devops

Are you interested in learning CodeQL and you're at Nullcon Berlin?
Come to the CodeQL workshop this afternoon!
Simon (@intrigus) and I will give you an introduction into CodeQL and demonstrate a real world use case using data flow analysis and taint tracking:

https://nullcon.net/berlin-2023/identify-vulnerabilities-using-CodeQL

Please set up your laptop using these instructions:
https://gh.io/nc-2023-setup

Identify vulnerabilities using CodeQL | Nullcon Berlin 2023

Nullcon is Asia's largest international security conference, where key stakeholders from the industry, delegates from the government, company representatives, COOs and hackers come together to talk about InfoSec.