With our win in the #Glasfaserstreit (fibre-optic dispute) we receive CHF 10,000 in party compensation from Swisscom. We are using the money to donate two splicing machines to the Global NOG Alliance for Ukraine. 🇺🇦
Donations can be made directly at: bit.ly/nogalliance
#ChooseYourInternet #KeepUkraineConnected
Peter Stöckli
@ulldma
Switzerland · Joined March 2011
Peter Stöckli’s Tweets
Switzerland (finally) gets a nice dashboard on energy consumption too. Late, but thankfully very nice bonus points for including lake levels for hydropower, gas import/export flows, savings target, EU gas storage levels …
energiedashboard.admin.ch/dashboard
My blog post "Pre-Auth RCE with CodeQL in Under 20 Minutes"
Thanks to and for helping us by reporting a serious security vulnerability.
We take security very seriously and managed to patch the issue within one hour. You can find more details about the vulnerability in the quoted article.
Quote Tweet
GHSL-2022-069: Remote Code Execution (RCE) in CircuitVerse - CVE-2022-36038 securitylab.github.com/advisories/GHS
Our survey of SGX attacks is out! Come learn about how SGX fails in real life. Check out our website sgx.fail including attacks on and PowerDVD.
(1/2) Very happy that my JWT query has been highlighted by from the at #githubuniverse as an example for community-driven security contributions.
See intrigus.org/research/2022/ for the high-quality and slightly longer version!
And to celebrate CodeQL for Ruby, we launched a special and limited program as part of our CodeQL bounty program, with up to $2000 bonus for high quality submissions. Secure open source and get rewarded. Check it out:
ICYMI GitHub announced the general availability of #CodeQL for Ruby 🎉 The RCE and DoS that disclosed today in Ruby open source projects were found thanks to CodeQL: securitylab.github.com/advisories GHSL-2022-073, GHSL-2022-067 and GHSL-2022-063.
GHSL-2022-063: Remote Code Execution (RCE) in Arvados Workbench - CVE-2022-36006
GHSL-2022-073: Denial of Service (DoS) in Fat Free CRM - CVE-2022-39281
With CodeQL for Ruby out of Beta, we are including it as part of the supported languages for our CodeQL Bug Bounty program. To celebrate, Ruby submissions will be awarded special bonuses. Learn more 🔗 securitylab.github.com/bounties/
Excited to talk about how GitHub uses GitHub to secure GitHub today at #GitHubUniverse! Join us live or virtually at 2:30pm PST today!
I'm now on Mastodon as well, you can add me at @ulldma@infosec.exchange
The provided office hours for #OpenSource projects looking to reduce their risk of breach. One thing we learned? Adopting a few simple practices can significantly improve your project’s security. Read more of our observations here.
🦠💥 #rubyfriends watch out! rest_client (not rest-client) went rogue just now! With over 2.6mln downloads(!), it now collects host info upon requirement: my.diffend.io/gems/rest_clie
Detected by
#ruby #rubygems #supplychain #opensource #cybersecurity
. You can find my original reports here. They were both reported in March and found when reviewing the #CodeQL variant analysis results for log4shell: securitylab.github.com/advisories/GHS and securitylab.github.com/advisories/GHS
I *really* do love CodeQL and the effort going into it right now. For example:
📣 I am extremely proud to share that this is publicly available now! the goal of this initiative at the is to help researchers while they're disclosing vulns to open source projects and provide guidance and support 💜
Quote Tweet
Coordination is Key! New Guide for Security Researchers to Coordinate Vulnerability Disclosures with #OSS Projects provides valuable best practices on how Finders can best engage & work with the open source community on discovered vulnerabilities hubs.la/Q01mnyBg0 #OSSummit
„Please run this code for a surprise" 🥲
(It might be time to think about where you want to run code from the Internet. Hint: it's probably not your local machine with all your files, plain text tokens, etc.)
Quote Tweet
#Engineers, pls run this .py code for a surprise
# Draws a heart: points where (x^2 + y^2 - 1)^3 - x^2 * y^3 <= 0,
# filled with the letters of "Engineer" (same expression as the original, reformatted)
print('\n'.join(
    ''.join(
        'Engineer'[(x - y) % 8]
        if ((x * 0.05) ** 2 + (y * 0.1) ** 2 - 1) ** 3
           - (x * 0.05) ** 2 * (y * 0.1) ** 3 <= 0
        else ' '
        for x in range(-30, 30)
    )
    for y in range(15, -15, -1)
))
If you perform SAML auth in Java you should make sure you patched bugs.chromium.org/p/project-zero. RCE during signature verification. Blogpost coming soon™.
SSH commit verification now supported
An interesting case when the deserialization was restricted to own code, i.e. no known third party could be used, so I found gadgets in the application itself.
Quote Tweet
GHSL-2022-001: Deserialization vulnerability in Orckestra C1 CMS - CVE-2022-24787 securitylab.github.com/advisories/GHS
Interesting write-up of CVE-2022-1802: A code execution vulnerability in Mozilla Firefox achieved by polluting the prototype of Array in the browser's builtin JavaScript code:
zerodayinitiative.com/blog/2022/8/17
(discovered by )
If someone from security is reading this, please reply to my email on 5 Aug about a bug report that Android security team shared with you privately, thanks. SHA256 of various files for verification (next tweets)
In this post "Corrupting memory without memory corruption" is showing how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app
CVE-2022-33980 RCE in Apache Commons Configuration. Note the underlying cause: Commons Text `StringSubstitutor` makes a great gadget to bypass block lists where `ScriptEngineManager` or the whole `javax` namespace are forbidden
How old were you when you discovered that holding the shift key while hovering over a request on Chrome DevTools will highlight the initiator in green and dependencies in red? 😱
Thanks, , for the tip!
Rapid7 just released a blog post for a vulnerability in Ruby-MySQL that we originally reported last year as a Metasploit issue.
In this blog post shows how to bypass various modern mitigations implemented in the Android kernel and exploit CVE-2022-22057 to gain root from a malicious Android app
If you want to keep your actions updated to the latest versions you can add a dependabot.yml to your .github and get pull requests to update actions. I have been adding this to a lot of my projects. More info can be found here: docs.github.com/en/code-securi.
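A minimal `.github/dependabot.yml` for the Actions-update setup described in the tweet above. This is an added example, not a file from the tweet, the linked docs or any of the author's projects; the weekly schedule and the root directory are illustrative choices.

```yaml
# .github/dependabot.yml (added example; interval and directory are illustrative choices)
version: 2
updates:
  # Open pull requests when an action referenced in .github/workflows/*.yml has a newer release.
  - package-ecosystem: "github-actions"
    directory: "/"          # Dependabot looks for workflow files under .github/workflows
    schedule:
      interval: "weekly"
```

One practitioner caveat: pinning third-party actions to a full commit SHA (instead of a mutable tag such as `v3`) is the stronger supply-chain control, and Dependabot updates SHA-pinned references too, so the two measures combine rather than conflict.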
Slides and video from my Fuzzing USB with Raw Gadget talk at .
🤖 Raw Gadget — a new interface for emulating USB devices
🪶 Fuzzing via virtual controllers
🔌 Reproducing bugs via Raspberry Pi Zero
Slides: docs.google.com/presentation/d
Video:
I was reversing a Scala app and wondered if there were any specific ways to invoke commands that aren't in Java. Turns out there are! And what about the other JVM languages? 🤔 I nerd-sniped myself with that question yesterday evening and here's the output
Quote Tweet
1 day until DevOpsDays Zurich!
We are looking forward to seeing you tomorrow!
You can find all information about #DevOpsDaysZH on our website: bit.ly/38o37Pu
#dodzh #devops #devopsdays
Awesome to see Jann using Raw Gadget for implementing USB exploits!
More USB bugs Jann found: bugs.chromium.org/p/project-zero
Raw Gadget instructions and examples: github.com/xairy/raw-gadg
Quote Tweet
Linux USB: usbnet tells minidrivers to unbind while netdev is still up, causing UAFs bugs.chromium.org/p/project-zero
New blog post about CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL -> websec.ca/publication/Bl #opensource #appsec #codeql
Also: if you don't need a Raspberry Pi for multiple purposes, try to make your use case work with gokrazy Go appliances:
gokrazy.org
The easiest way to setup a headless Raspberry Pi securely in 2022 is to use the Imager application.
It allows you to preconfigure a public key for SSH access.
(The default user/password combination has been removed in the newest Raspbian images.)