Kev @kevin_backhouse
Security researcher @GHSecurityLab @GitHub. Opinions are my own. he/him github.com/kevinbackhouse Joined July 2016
Tweets: 765 - Followers: 4K - Following: 144 - Likes: 671
You know what else is interesting about Kong? @pwntester reported an Actions injection (which is probably still viable) that the Kong security team claimed was not a valid report. securitylab.github.com/advisories/GHS…
🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…
🚀 CodeQL zero to hero part 4: Gradio case study is out! This time we dive into how I wrote CodeQL to support the Gradio framework, scaled the research to a thousand repositories on GitHub, and found 11 vulnerabilities. gh.io/codeql-part-4
This is one of the real world vulnerabilities found by the new CodeQL packs. Can you exploit it to get the flag? Bring us your solution to GitHub booth at @ekoparty to win some swag!
Next week I'll be at @ekoparty talking about vulnerabilities in GitHub Actions and how I extended CodeQL to find them at scale. I've wanted to go to Eko for years - it's a dream come true, and on their 20th anniversary no less! So excited!
The contrast between two CUPS vulns is amazing. This one, CVE-2024-35235, seems to have flown completely under the radar - in total contrast to CVE-2024-47176. It was an LPE with an exploit chain that sounds very reliable. I only heard about it for the first time today.
Want to learn how to secure your browser extensions? Read our latest blog post where we talk about the security model of browser extensions and how developers can keep them secure. github.blog/security/vulne…
Morning world! Slept ‘ok’ (not great not terrible) So yesterday I was doing some mitm6 over public WiFi (in the lab) and whilst I was speeding dns responses to Microsoft Google Facebook Twitter etc. My web clients simply did not follow the responses and went to the actual…
MainTrack Talks #EKO2024 🔥 📌 @artsploit, Security Researcher at GitHub Security Lab 💡 “Breaking corporate Maven repositories”: In the Java ecosystem, companies often use in-house repository managers, such as Sonatype Nexus or JFrog Artifactory, to store artifacts and cache…
We had a short look at the buffer overflow found by fuzzing `process_browse_data` to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak.
> critical 9.9 cvss "unauthenticated" rce on linux!!!! > look inside > requires local network access, user interaction, and non-default configuration https://t.co/fKCyViEriA
Considering the amount of hype, it's a bit weak to only have a poc that requires the user to try to print to a new device that just magically appeared on their network.
This series is fun. I was buying cable recently and literally couldn't find any information about the technical differences between CAT5e, CAT6a, etc. I ended up buying F/FTP CAT6a and the shielding is so heavy that it doesn't really bend. Looking forward to the CAT8 episode!
In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause. Enjoy.... labs.watchtowr.com/we-spent-20-to…
GHSL-2024-005_GHSL-2024-008: SSRF, XSS, RCE and Sensitive information disclosure in OpenHAB Web UI - CVE-2024-42467, CVE-2024-42468, CVE-2024-42469, CVE-2024-42470 securitylab.github.com/advisories/GHS…
