While implementing CodeQL support for GitHub Actions workflows, we came across new patterns of insecure workflows. Learn how to identify and mitigate them.
Don't make me leave my development platform! Your security teams can perform security research without ever leaving GitHub: from code scanning to CVE via Codespaces and private vulnerability reporting.
In this research nominated for the 2024 Pwnie award, Man Yue Mo gains arbitrary kernel code execution and root on an Android phone even with the Memory Tagging Extension (MTE) mitigation enabled.
Presented at Black Hat USA and DEFCON 2023, this research reveals interesting attacks on mTLS authentication. Read how mTLS systems can be vulnerable to user impersonation, privilege escalation, and information leakages.
Are you happy with your security training? Try out our Secure Code Game, our hands-on and community-sourced security training, and build a secure code mindset for your developers.
Improving the code security of widely used libraries like OpenSSL has a force multiplication effect for all of us. Read on to learn about the vulnerabilities, and how to use CodeQL to eliminate variants.
Check out how we used CodeQL on NSA's Emissary open source project to find critical issues, and how the NSA leveraged GitHub code scanning and security advisories to address the issues.
By referencing an external action with the uses directive, you’re running third-party code and giving it access to computing time, secrets, and your repository token.
Every GitHub Actions workflow trigger comes with a GitHub context. Some of this data might be attacker controlled and should be treated as potentially untrusted input.
Combining the pull_request_target workflow trigger with an explicit checkout of an untrusted Pull Request is a dangerous practice that may lead to repository compromise.
An overview of 2021's most common types of software vulnerabilities, based on an analysis of GitHub's Advisory Database.
Run-through and lessons learned from our second episode of LiveQL, where we live-coded CodeQL queries to find a Rhino/Nashorn script injection.
Interview with Alvaro Muñoz, regarding the research that he presented at Black Hat 2020, where he and O. Mirosh uncovered more than 30 CVEs across 20 different CMS.
Man Yue Mo built and open sourced a fuzzer for the Android Near Field Communication (NFC) component. He shares here some design considerations when building the fuzzer.
Man Yue Mo goes through a series of UAF security vulnerabilities in Web Audio in Chrome and explains how to trigger them by arranging the order of various events.
When his prank was thwarted by COVID-19, Kevin Backhouse decided to write a glibc heap exploitation tutorial instead. Learners, you're in luck: enter the House of Force!
Antonio Morales continues his journey on socket-based fuzzing, with FreeRDP, and shares his process from start to finish, and the 12 bugs found as a result. Let's fuzz!
Antonio shares findings and tips from his research on socket-based fuzzing. Let's start with the audit of three widely-used FTP servers, with details on interesting CVEs found along the way.
Read our beginner's exploration of encryption, focused on identity validation issues in TLS. Utilizing CodeQL, we uncover common pitfalls in hostname validation across various projects.
Read about the large-scale remediation of CVE-2020-8597 in collaboration with CERT, where we used CodeQL to find and fix a widespread security vulnerability pattern in open source.
Let's build on each other's work. By analyzing past Chromium IPC vulnerabilities, Man Yue Mo found 6 new CVEs, and gave back to the community with a set of CodeQL libraries for Chromium.
Large and unknown codebases can be daunting to approach. Read our experience with Rsyslog, leveraging CodeQL from threat modeling to variant analysis, to disclose three CVEs.
Work smarter! In this research, we explore a vulnerability in the Linux kernel and, with CodeQL's variant analysis, find two more, triggered remotely over the WiFi network.
We analyzed past Android deserialization security vulnerabilities and used our SAST tool CodeQL to easily find, with just one query, the classes responsible for those bugs.
The research that started it all. With our SAST tool CodeQL, we found a high severity RCE security vulnerability in Apache Struts, stemming from deserialization of untrusted data.