Xavier René-Corail

@XCorail

I don't believe in perfection, I believe in continuous improvement. Building dev-sec bridges. All views are my own.

Joined: April 2012

Tweets


  1. Retweeted
    Feb 4

    Awesome CodeQL query from that detects many variants of LDAP Injections in Java: Plain Java JNDI, UnboundID, Spring LDAP and Apache LDAP API. We are pleased to award him our maximum bounty reward $3000

  2. Retweeted
    Jan 30

    🌪Announcement🌪 It’s our pleasure to announce that Nico Waisman () - Head of the GitHub Security Lab will give a talk at !

  3. Jan 28

    Hey friends! If you are in Brussels this weekend, join me for drinks and chats! I'd love to talk to you about securing open source with the GitHub

  4. Retweeted
    Jan 23

    Another day, another crap article saying that “agile” is unsuited to ML projects because of sprints. There are no sprints in the Agile Manifesto. Stop thinking so linearly. Think in terms of Loops, Not Lines.

  5. Retweeted
    Dec 23, 2019

    Gravity is a hoax used by Big Aviation to keep us from flying like the volant animals we are! It's just a theory. Physicists are only in it for the money! We should listen to both sides of the argument.

  6. Retweeted
    Dec 23, 2019

    The 4th and final post of my "whoopsie-daisy" series. This one is about getting code execution from a heap overflow on a 2GB string, with a few obstacles such as ASLR and UTF8 restrictions.

  7. Retweeted
    Dec 12, 2019

    First blog post in a short series about some vulnerabilities that I found in Ubuntu's crash reporter earlier this year. I learned a lot from working on the exploits, so I am going to share some of the tips and tricks that I learned.

  8. Retweeted
    Dec 2, 2019

    Integer overflow that leads to a heap overflow found by MQ software is such a critical piece of software for so many companies

  9. Retweeted
    Dec 2, 2019

    ICYMI: We're running a CTF until December 31st. Write a CodeQL query to find a specific class of DOM-based XSS vulns. The 2 best submissions will win Nintendo Switches, and 10 additional entries will receive coupons that can be used for GitHub Swag.

  10. Retweeted
    Nov 22, 2019

    If you are interested in working with CodeQL or some of the work we are doing at we just opened a slack. Let me know and I will send you an invite.

  11. Retweeted

    Yesterday we had our first GitHub Security Meetup, with lightning talks by and Abishek Arya (Google). But also with exciting discussions with security folks. Thanks to all attendees and others: stay tuned for the next one in January.

  12. Retweeted

    Learn how our security researcher found wireless vulnerabilities in the Linux Kernel, and variants, thanks to CodeQL:

  13. Retweeted

    Check out the GitHub Security Lab bounty program! . Write a query, find bugs, get rewarded.

  14. Retweeted

    We are releasing CodeQL, the unrivalled code exploration technology, and its new Visual Studio Code extension, free for open source code or academic research. Download CodeQL

  15. Retweeted

    Hi 👋 we are the GitHub Security Lab. Find more information about us here:

  16. Retweeted
    Nov 13, 2019

    Stay tuned for the fantastic announcements will be doing tomorrow at the keynote! We will be talking about Security ;)

  17. Retweeted

    In the next installment of our series on using Semmle QL for vulnerability hunting, shows how to research DOM-based XSS by finding sources and sinks.

  18. Retweeted
    Oct 26, 2019

    Forgot to tweet this at the time but had a great talk on mapping vulnerabilities as a data flow graph from a source to a sink (eg a mempy) and using the pattern to identify other vulns in OSS – at Showbox SoDo

  19. Retweeted
    Oct 25, 2019

    As a security research team rule we donate all bug bounties... and we ( ) double them! Join us to have a deeper impact in the world.

  20. Retweeted
    Oct 21, 2019

    Want to learn more about QL and how you can use it to find variants of vulnerabilities in your code? Join us for our Semmle User Group this Wednesday night at Mozilla. See the event details for more information.
