Log inSign up
GitHub Security Lab
GitHub
1,450 posts
user avatar
GitHub Security Lab
GitHub
@GHSecurityLab
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
securitylab.github.com
Joined October 2019
15
Following
26.6K
Followers

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Feb 14, 2025
    Find the GitHub Security Lab now on LinkedIn, Mastodon and Bluesky! 👇
    7.4K
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Jun 10, 2021
    Kill -9 your way to root on most modern Linux using @kevin_backhouse's latest polkit finding (CVE-2021-3560)
    Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
    From github.blog
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Feb 2, 2022
    Do you want to learn how to find vulnerabilities in Google Chrome? @Nosoynadiemas just released the last exercise of Fuzzing101! github.co/3s8m12H
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Nov 14, 2019
    Hi 👋 we are the GitHub Security Lab. Find more information about us here:
    GitHub Security Lab
    From securitylab.github.com
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Dec 2, 2021
    Learn how to fuzz Adobe Reader and finding bugs in closed-source applications in exercise 8 of Fuzzing 101 : github.co/fuzzing101
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Oct 14, 2021
    Do you want to learn how to fuzz an interactive application like GIMP using Persistent Fuzzing? Our wizard of fuzz @Nosoynadiemas just published exercize 6 of Fuzzing101! github.com/antonio-morale…
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Sep 21, 2021
    Go on an RCE hunting journey with @pwntester as he demonstrates how he used CodeQL to find multiple RCE vulnerabilities in Apache Dubbo: "All roads lead to RCE" github.co/3hUDB5V
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Dec 13, 2021
    "Exploits are really the closest thing to magic spells we have in this world" according to Halvar Flake. @kevin_backhouse demystifies an exploit of a double-free vulnerability in Ubuntu github.co/3pVse0G
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Mar 4, 2020
    Continuing our series analyzing recent CVEs, with a remote code execution on Exchange servers. Read @pwntester 's "CVE-2020-0688 Losing the keys to your kingdom"
    CVE-2020-0688 Losing the keys to your kingdom
    From securitylab.github.com
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Apr 10, 2020
    The first CodeQL online course is now available for free on GitHub Learning Lab! This course invites CodeQL beginners to follow in the footsteps of our security research team and find real vulns in Das-UBoot (patched since). Join other CodeQL learners: lab.github.com/githubtraining…
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Apr 14, 2020
    Learn all about how to fuzz network services in this practical case study by @nosoynadiemas in which he fuzzes 3 of the most popular Open Source FTP servers! securitylab.github.com/research/fuzzi…
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Oct 19, 2021
    Go dumpster diving for arbitrary code execution in v8's garbage collector with @mmolgtm in his Chrome vulnerability RCA for CVE-2021-37975 github.co/3pjp3RY
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    May 6, 2020
    Looking for a vulnerability hunting challenge? Then this Java CTF challenge is for you! You will hone your bug finding skills to find a pre-auth RCE and also learn all about CodeQL's taint tracking features. securitylab.github.com/ctf/codeql-and…
    GIF
  • user avatar
    GitHub Security Lab
    GitHub
    @GHSecurityLab
    Mar 25, 2020
    Bugfix and chill! @pwntester reported 2 Server-Side Template Injections in Netflix open source libraries, enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vuln: First one in Netflix Conductor
    GHSL-2020-027: Server-Side Template Injection in Netflix Conductor
    From securitylab.github.com