🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The GitHub Security Lab is proud to sponsor the NULLCON Berlin 2024 Diversity Scholarship, with 8 passes to this great security conference! Submit your application here: nullcon.net/berlin-2024/sc… - and we'll see you there!

An interesting workshop by intrigus at #NullconBerlin2024 🔹 Use #CodeQL libraries for C/C++ 🔹 Learn to build, structure queries using classes and predicates 🔹 Use data flow analysis, taint tracking to find a real-world RCE vulnerability 👉 nullcon.net/berlin-2024/sp…

Want to know how to reverse engineer a Mach-O binary that breaks all tools? Checkout my writeup for the "Injecting commands" challenge from Braeker CTF 2024! intrigus.org/research/2024/…

FROM code SELECT vulnerability! Grab a spot for intrigus's CodeQL workshop at NULLCON Berlin this Friday. Without prior CodeQL knowledge, learn how to identify vulnerabilities in projects. nullcon.net/berlin-2024/sp… #NullconDE2024

Listen up! Can you hear the sound of flags? We are composing another edition of GPN CTF. There will be some banger challenges. Play on-site at Entropia e.V. GPN22 or online. Start Friday, 31 May 2024 10:00 UTC! More info: ctf.kitctf.de

Learn to audit applications for vulnerabilities with CodeQL and find them in thousands of GitHub repositories at once. 🚀 My blog, CodeQL zero to hero part 3: Security research with CodeQL is out! github.blog/2024-04-29-cod…

We played at RedRocket.Club's Cyber Security Rumble and got 8th place internationally and 2nd in Germany! Looking forward to meet you all in the finals!

After learning how to reverse engineer binaries, intrigus and Lennard will continue on this Thursday with an introduction on how to pwn them (binary exploitation). 7pm **-102**, 50.34

GPN CTF starts in less than two days 😲 but don't worry, we made sure you will have a banger CTF experience ᯓ★🎧. Start Fri, 10am UTC!

Join us this Thursday, when ju256 will talk about how to escape V8's new heap sandbox. As always: 7pm -120, 50.34

Woah, I totally didn't expect this 😯 I wouldn't be where I'm now without the help of Hauwa, Xavier René-Corail and Nico Waisman to name just three. Thank you for bringing me to GitHub+SF, encouraging me to do my first conference talk and letting a random run queries on ALL of lgtm.

Really excited for this one!

This Thursday, intrigus will present the results of his master's thesis on bounded verification of the range analysis in v8's Turboshaft engine. As always, 7pm -120, 50.34

GitHub's award that recognizes my contributions to open source security through my various workshops and my tireless help with people learning CodeQL or just answering their questions (plus some very nice swag) has arrived 🥳

When you look at a CVE's patch for more than a few seconds and get a new CVE for free :sigh:

Last year I played Realworld CTF and solved "Protected by JavaSE" together with I-Al-Istannen. We exploited XXE in GitHub's CodeQL using the unintended CVE-2024-25129. I wrote about the (un)intended solution and how to use CodeQL to find bugs in CodeQL 😂 intrigus.org/research/2025/…

Hey, GPN CTF is back! Can you break the CTF monopoly? The only property worth owning is the top spot on our CTF leaderboard. 'Go to jail' is just a chroot jail away, play online or on-site at Entropia e.V. Friday, 20th of June 2025 10:00 UTC! More info: gpn23.ctf.kitctf.de