Peter Stöckli

@ulldma.bsky.social

Security Researcher and Software Engineer at GitHub Security Lab

416 Followers  |  217 Following  |  8 Posts  |  Joined: 30.05.2023  |  1.6225

Latest posts by ulldma.bsky.social on Bluesky

GitHub - cryptpad/cryptpad: Collaborative office suite, end-to-end encrypted and open-source.

Do you mean CryptPad? github.com/cryptpad/cry...

07.08.2025 12:49 — 👍 0    🔁 0    💬 1    📌 0
Apple WWDC 2006-Windows Vista Copies Mac OS X (YouTube video by JoshuaG)

This time Cupertino started the photocopiers 😅

www.youtube.com/watch?v=N-2C...

10.06.2025 15:04 — 👍 1    🔁 0    💬 0    📌 0
[In Person] Troy Hunt Have I Been Pwned Alpine Grand Tour Zürich, Tue, 17 June 2025, 18:00 | Meetup **IN-PERSON** Troy Hunt meetup at **Kraftwerk in Zurich** This meetup is a collaboration between several Swiss User Groups: [Azure Zurich User Group ](https://www.azurezur

I'm coming to Switzerland! Join me at the Microsoft Azure Zürich User Group in only a few weeks from now: www.meetup.com/de-DE/micros...

27.05.2025 00:03 — 👍 19    🔁 8    💬 1    📌 0
Bypassing MTE with CVE-2025-0072 See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.

Our team member Man Yue Mo is back, showing a new way to bypass MTE protection on Android phones with CVE-2025-0072. github.blog/security/vul...

23.05.2025 14:52 — 👍 6    🔁 3    💬 0    📌 0
15.04.2025 15:25 — 👍 3    🔁 0    💬 1    📌 0
Files through the eyes of a hacker

Next Monday I'm doing a 2h webinar on files as seen through the eyes of a cybersecurity researcher. This will cover useful stuff for programmers, more junior pentesters, and other tech enthusiasts who enjoy knowing how stuff works on a computer :)
hexarcana.ch/lp/files/?ut...

26.03.2025 08:54 — 👍 3    🔁 1    💬 2    📌 0

Note: the payloads displayed in the video have been faked to avoid disclosing details of how to implement a working exploit. The details of how to implement a working exploit have not been released yet.

More info at: github.blog/security/sig...

13.03.2025 16:09 — 👍 1    🔁 0    💬 0    📌 0
In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx

13.03.2025 16:08 — 👍 22    🔁 3    💬 1    📌 0
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

github.blog/security/sig...

12.03.2025 21:50 — 👍 11    🔁 10    💬 1    📌 0
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...

12.03.2025 21:33 — 👍 7    🔁 6    💬 0    📌 0

Hello from the GitHub Security Lab!
We are a team of security experts who cultivate a collaborative community where developers and security professionals come together to secure open source software.

06.02.2025 08:29 — 👍 10    🔁 5    💬 2    📌 0
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...

22.01.2025 18:16 — 👍 28    🔁 16    💬 1    📌 0
Intercepting Linux Applications

mitmproxy 11.1 is out! 🥳

We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings.

More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. 😃

12.01.2025 13:59 — 👍 75    🔁 23    💬 2    📌 2
CodeQL zero to hero part 4: Gradio framework case study Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

🚀 CodeQL zero to hero part 4: Gradio case study is out! This time we dive into how I wrote CodeQL to support @hf.co's Gradio framework, scaled the research to a thousand repositories on GitHub, and found 11 vulnerabilities.

gh.io/codeql-part-4

11.12.2024 18:59 — 👍 4    🔁 1    💬 0    📌 0
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]

nastystereo.com/security/rai...

10.12.2024 08:30 — 👍 34    🔁 14    💬 1    📌 2
My latest blog post is live! nastystereo.com/security/cro...

Read how to send a cross-site POST without including a Content-Type header (without CORS). It even works with navigator.sendBeacon

27.11.2024 09:10 — 👍 80    🔁 29    💬 3    📌 4
Remote Code Execution with Spring Properties Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

26.11.2024 23:57 — 👍 76    🔁 36    💬 1    📌 2
I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby!
It builds on the work of others, including Leonardo Giovanni, @ulldma.bsky.social and @vakzz.bsky.social

nastystereo.com/security/rub...

25.11.2024 05:27 — 👍 15    🔁 5    💬 0    📌 0
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog pos...

If you're interested in the inner workings of unsafe deserialization in Ruby I got you covered with a blog post that explains in detail how a concrete gadget chain works:

github.blog/2024-06-20-e...

Including proof of concept exploits that work up to Ruby 3.3 for Oj (JSON), Ox (XML) and more.

24.06.2024 11:30 — 👍 5    🔁 1    💬 0    📌 0
Hack.lu 2023: Yeti: Old Dog, New Tricks - Sébastien Larinier and Thomas Chopitea

The talk I gave at @hack_lu about Yeti and our vision of the future of forensics intelligence is online!

We're already getting lots of FRs, which we'll do our best to implement before our official release EOM.

Hope I made @Sebdraven proud 🥹 #dfir #infosec

19.10.2023 09:19 — 👍 5    🔁 4    💬 0    📌 0
Screenshot: A JavaScript alert message is displayed to demonstrate that a cross-site scripting vulnerability exists. This alert was triggered when the user clicked on the “Proceed” button on a link provided by the attacker. Instead of the “malicious” attacker-supplied JavaScript URL, the user only sees what the attacker wants the user to see, in this case: a harmless link to securitylab.github.com.

Where I'll demonstrate some typical Ruby on Rails gotchas on a real project:
https://github.blog/2023-07-28-closing-vulnerabilities-in-decidim-a-ruby-based-citizen-participation-platform/

E.g. why you shouldn't match strings with ^ and $ when using regex in Ruby.

31.07.2023 15:03 — 👍 4    🔁 1    💬 0    📌 0

Head of cyber at the Romanian Intelligence Service:

The SolarWinds attack didn't impact Romania because companies didn't pay for their support and were lagging behind so many versions that the exploited vulnerability didn't apply.

22.06.2023 01:01 — 👍 4    🔁 3    💬 0    📌 0