GitHub Security Lab (@GHSecurityLab) / X

GitHub Security Lab

1,453 posts

GitHub Security Lab

@GHSecurityLab

GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

securitylab.github.com

Joined October 2019

Following

26.6K

Followers

Pinned
GitHub Security Lab
@GHSecurityLab
Feb 14, 2025
Find the GitHub Security Lab now on LinkedIn, Mastodon and Bluesky! 👇
7.3K
GitHub Security Lab
@GHSecurityLab
Jun 10, 2021
Kill -9 your way to root on most modern Linux using @kevin_backhouse's latest polkit finding (CVE-2021-3560)
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
From github.blog
GitHub Security Lab
@GHSecurityLab
Feb 2, 2022
Do you want to learn how to find vulnerabilities in Google Chrome? @Nosoynadiemas just released the last exercise of Fuzzing101! github.co/3s8m12H
GitHub Security Lab
@GHSecurityLab
Nov 14, 2019
Hi 👋 we are the GitHub Security Lab. Find more information about us here:
GitHub Security Lab
From securitylab.github.com
GitHub Security Lab
@GHSecurityLab
Dec 2, 2021
Learn how to fuzz Adobe Reader and finding bugs in closed-source applications in exercise 8 of Fuzzing 101 : github.co/fuzzing101
GitHub Security Lab
@GHSecurityLab
Oct 14, 2021
Do you want to learn how to fuzz an interactive application like GIMP using Persistent Fuzzing? Our wizard of fuzz @Nosoynadiemas just published exercize 6 of Fuzzing101! github.com/antonio-morale…
GitHub Security Lab
@GHSecurityLab
Sep 21, 2021
Go on an RCE hunting journey with @pwntester as he demonstrates how he used CodeQL to find multiple RCE vulnerabilities in Apache Dubbo: "All roads lead to RCE" github.co/3hUDB5V
GitHub Security Lab
@GHSecurityLab
Dec 13, 2021
"Exploits are really the closest thing to magic spells we have in this world" according to Halvar Flake. @kevin_backhouse demystifies an exploit of a double-free vulnerability in Ubuntu github.co/3pVse0G
GitHub Security Lab
@GHSecurityLab
Mar 4, 2020
Continuing our series analyzing recent CVEs, with a remote code execution on Exchange servers. Read @pwntester 's "CVE-2020-0688 Losing the keys to your kingdom"
CVE-2020-0688 Losing the keys to your kingdom
From securitylab.github.com
GitHub Security Lab
@GHSecurityLab
Apr 10, 2020
The first CodeQL online course is now available for free on GitHub Learning Lab! This course invites CodeQL beginners to follow in the footsteps of our security research team and find real vulns in Das-UBoot (patched since). Join other CodeQL learners: lab.github.com/githubtraining…
GitHub Security Lab
@GHSecurityLab
Apr 14, 2020
Learn all about how to fuzz network services in this practical case study by @nosoynadiemas in which he fuzzes 3 of the most popular Open Source FTP servers! securitylab.github.com/research/fuzzi…
GitHub Security Lab
@GHSecurityLab
Oct 19, 2021
Go dumpster diving for arbitrary code execution in v8's garbage collector with @mmolgtm in his Chrome vulnerability RCA for CVE-2021-37975 github.co/3pjp3RY
GitHub Security Lab
@GHSecurityLab
May 6, 2020
Looking for a vulnerability hunting challenge? Then this Java CTF challenge is for you! You will hone your bug finding skills to find a pre-auth RCE and also learn all about CodeQL's taint tracking features. securitylab.github.com/ctf/codeql-and…
GIF
GitHub Security Lab
@GHSecurityLab
Mar 25, 2020
Bugfix and chill! @pwntester reported 2 Server-Side Template Injections in Netflix open source libraries, enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vuln: First one in Netflix Conductor
GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
From securitylab.github.com