Security
GitHub
Thu Oct 24 2024
Attacking browser extensions
Learn about browser extension security and secure your extensions with the help of CodeQL.
Mon Oct 21 2024
Securing the open source supply chain: The essential role of CVEs
Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have h...
Tue Aug 13 2024
From object transition to RCE in the Chrome renderer
In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chro...
Mon Jul 22 2024
3 ways to get Remote Code Execution in Kafka UI
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.
Wed Jun 26 2024
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution...
Thu Jun 20 2024
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization...
Mon Apr 29 2024
CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow.
Wed Apr 03 2024
Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, a...
Mon Mar 18 2024
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code exec...
Mon Jan 08 2024
GitHub and the Ekoparty 2023 Capture the Flag
The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition! The post G...
Wed Dec 13 2023
Securing our home labs: Frigate code review
This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an atta...
Wed Dec 06 2023
Cueing up a calculator: an introduction to exploit development on Linux
Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux.
Thu Nov 30 2023
Securing our home labs: Home Assistant code review
The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security.
Company
Tue Oct 17 2023
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chro...
Mon Oct 09 2023
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.
Tue Sep 26 2023
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chro...
Thu Sep 21 2023
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them.
Engineering
Thu Aug 17 2023
mTLS: When certificate authentication is done wrong
In this post, we'll deep dive into some interesting attacks on mTLS authentication.
Fri Jul 28 2023
Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform
This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation.
Education
Wed Jul 05 2023
Introduction to SELinux
SELinux is the most popular Linux Security Module used to isolate and protect system components from one another.
Open-Source
Mon Jun 26 2023
New tool to secure your GitHub Actions
Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions.
Thu Jun 15 2023
CodeQL zero to hero part 2: getting started with CodeQL
Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis...
