securitylab.github.com

GitHub Security Lab

Get the latest updates from GitHub Security Lab directly as they happen.

Latest posts

Last updated over 3 years ago

Fuzzing sockets: Apache HTTP, Part 3: Results

over 3 years ago

In the first part of this series, I explained my fuzzing workflow...

Updates to the Bug Slayer bug bounty program

over 3 years ago

Dear CodeQL bounty hunters,

Getting root on Ubuntu through wishful thinking

over 3 years ago

“Exploits are really the closest thing to magic spells we have in...

Fall of the machines: Exploiting the Qualcomm NPU (neural processing unit) kernel driver

over 3 years ago

In this post, I’ll use three bugs in the Qualcomm NPU (neural...

Chrome in-the-wild bug analysis: CVE-2021-37975

over 3 years ago

On September 30, 2021, Google released version 94.0.4606.71 of Chrome. The release...

The fugitive in Java: Escaping to Java to escape the Chrome sandbox

over 3 years ago

In this post, I’ll exploit CVE-2021-30528 (GHSL-2021-124), which is a use-after-free vulnerability...

Chrome in-the-wild bug analysis: CVE-2021-30632

over 3 years ago

On September 13, 2021, Google released version 93.0.4577.82 of Chrome. The release...

Apache Dubbo: All roads lead to RCE

over 3 years ago

During an audit of Apache Dubbo v2.7.8 source code, I found multiple...

Don’t shoot the emissary

over 3 years ago

Some time ago, I read a blog post about the review that...

Keeping your GitHub Actions and workflows secure Part 3: How to trust your building blocks

almost 4 years ago

In previous blog posts, we discussed possible mistakes and abuse patterns that...

Our shared common weaknesses

almost 4 years ago

Software supply chain security is a challenge. Software packages can go unmaintained...

Fail2exploit: a security audit of Fail2ban

almost 4 years ago

Security audits don’t always produce interesting results. As a member of GitHub...