Tony Torralba (@_atorralba) 's Twitter Profile
Tony Torralba

@_atorralba

Breaking builds and building breakages. He/him. ProdSec Engineer @okta. Opinions are my own. Mastodon: infosec.exchange/@atorralba

ID: 442612877

Link: https://atorralba.github.io
Date: 21-12-2011 08:45:54

326 Tweets

401 Followers

370 Following

GitHub Security Lab (@ghsecuritylab)

Level up your security game on GitHub with seamless security research! Discover code scanning, CVE management, and more within GitHub's ecosystem. Check out this insightful blog post now! 🔒 #GitHub #SecurityResearch #CodeScanning #CVEManagement github.blog/2024-04-03-sec…

GitHub (@github)

Ever wondered how the GitHub Security Lab performs security research? Find out how they leverage code scanning, CodeQL, Codespaces and more🔒 ⬇️ github.blog/2024-04-03-sec…

Tony Torralba (@_atorralba)

This is my favorite kind of talk: great storytelling, cool visuals, technically interesting scenarios, and inspiring discourse. Consider me impressed Jason Lang :D youtube.com/watch?v=i2cJ1v…

/* BlazingWind */ (@blazingwindsec)

Learn to audit applications for vulnerabilities with CodeQL and find them in thousands of GitHub repositories at once. 🚀 My blog, CodeQL zero to hero part 3: Security research with CodeQL is out! github.blog/2024-04-29-cod…

Tony Torralba (@_atorralba)

Happy to share that Alvaro Muñoz and I will be presenting our talk "Finding vulnerabilities at scale in Jenkins plugins with CodeQL" at BSides Barcelona, happening on May 29-30. Join us to learn about CodeQL, vulnerability research at scale, and the Jenkins plugin ecosystem!

GitHub Security Lab (@ghsecuritylab)

GHSL-2024-013_GHSL-2024-014: SQL injection vulnerability in Meshery - CVE-2024-35181, CVE-2024-35182 securitylab.github.com/advisories/GHS…

GitHub Security Lab (@ghsecuritylab)

🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: github.blog/2024-06-20-exe… Stay safe and code responsibly! 🛡️💻

Tony Torralba (@_atorralba)

As someone who has always toyed with the idea of learning more about low-level exploitation (but is currently very bad at it), I enjoyed this post a whole lot. Not only because of the insights about the whats and whys, but also because of the transversal look at the offsec industry.

DevSecOps Space (@devsecops_eko)

Security in Action(s): extending CodeQL to detect Workflow vulnerabilities 🎤 Álvaro Muñoz Protect your CI/CD pipelines with advanced vulnerability detection in GitHub Actions. --- ROOM A2 - Wednesday, November 13, 14:45 to 15:30 Ekoparty | Hacking everything CEC Buenos Aires

Sam Curry (@samwcyo)

New blog post with shubs: We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely. The issue was reported and patched. Full post here: samcurry.net/hacking-subaru

Julian Togelius (@togelius)

I remember being excited about AI. I remember 20 years ago, being excited about neuroevolutionary methods for learning adaptive behaviors in video games. And I remember three years ago, mouth watering at the thought of tasty experiments in putting language models inside

Peter Girnus (@gothburz)

Last quarter I rolled out Microsoft Copilot to 4,000 employees. $30 per seat per month. $1.4 million annually. I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me. I