/* BlazingWind */ (@blazingwindsec) 's Twitter Profile
/* BlazingWind */

@blazingwindsec

Security researcher at @GHSecurityLab. Views are my own.

ID: 905451914430730244

06-09-2017 15:25:33

534 Tweet

249 Followers

501 Following

nolen (@itseieio)

At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens. A thread about my favorite story from running OMCB....

/* BlazingWind */ (@blazingwindsec)

Yesterday, I had a blast presenting the "Finding vulnerabilities with CodeQL" workshop at OrangeCon. Thank you to the organizers for creating such a great conference OrangeCon 👏👏

/* BlazingWind */ (@blazingwindsec)

Which lock picking sets do folks recommend for a student hacking club that wants to do it as a fun workshop for beginners? Preferably a set that comes with a few easier and medium-hard locks, or a few that are modifiable.

Ekoparty | Hacking everything (@ekoparty)

MainTrack talks #EKO2024 🔥 📌 Michael Stepankin, Security Researcher at GitHub Security Lab 💡 “Breaking corporate Maven repositories”: In the Java ecosystem, companies often use in-house repository managers, such as Sonatype Nexus or JFrog Artifactory, to store artifacts and cache

GitHub Security Lab (@ghsecuritylab)

Want to learn how to secure your browser extensions? Read our latest blog post where we talk about the security model of browser extensions and how developers can keep them secure. github.blog/security/vulne…

Jorian (@j0r1an)

Aaaaand that's a wrap! Very fun to be on the organizing side of a CTF for once. In the end, Conversationalist was solved 20 times and Global Backups only had 1 solve by havce! I've published detailed writeups/source code for both challenges below: github.com/JorianWoltjer/…

/* BlazingWind */ (@blazingwindsec)

I've wanted to contribute to freeCodeCamp.org for a while, and now I got a chance. Happy to help secure one of the best platforms for learning programming 🤩

/* BlazingWind */ (@blazingwindsec)

🚀 CodeQL zero to hero part 4: Gradio case study is out! This time we dive into how I wrote CodeQL to support the Gradio framework, scaled the research to a thousand repositories on GitHub, and found 11 vulnerabilities. gh.io/codeql-part-4

eul3r (@0x_dea110c8)

If you don't have time to go through a 1000 page book about compilers but you are curious about them you might follow this instead lowlevelbits.org/how-to-learn-c…

GitHub Security Lab (@ghsecuritylab)

29 new vulnerabilities found in GStreamer by @nosoynadiemas! Click to learn how to improve fuzzing results with custom generators. github.blog/security/vulne…

GitHub Security Lab (@ghsecuritylab)

🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…

GitHub (@github)

A new free tier of GitHub Copilot in Visual Studio Code. ✅ 2,000 code completions per month 💬 50 chat messages per month 💫 Models like Claude 3.5 Sonnet or GPT-4o ♥️ More fun for you Check it out today! Oh yeah, and we passed 150M developers on GitHub 💅 github.blog/news-insights/…

GitHub Security Lab (@ghsecuritylab)

🎉 Excited to announce the launch of CodeQL Community Packs for Security teams and researchers! 🚀 Supercharge your code analysis with new Query, Model, and Library packs, to find more vulnerabilities, accelerate codebases audit, and secure code effortlessly.

Tim Willis (@itswillis)

It doesn't happen very often, but Project Zero is hiring! goo.gle/41DBQBY Please share with anyone you think would be awesome for the role 🎉 Looking for at least one person. DMs open if you want to reach out about the role. The team: youtu.be/My_13FXODdU