Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL
I show how to find multiple CVEs in usage of the Java TrustManager and HostnameVerifier classes using a CodeQL query I've written and explain the individual steps taken.
Simon Gerst
Germany
Simon is a Computer Science student that loves tearing apart software to find security bugs. He wants to share his knowledge and also his CodeQL queries, to perform bug hunting at scale. He mostly finds bugs in OSS and contributes to the GitHub Security Lab Bug Bounty Program. In his free time he enjoys playing piano.
Community Contributions
Add support for "SHORT_BINSTRING".
I added support for "SHORT_BINSTRING" which is a opcode that is used by Python during `pickle` deserialization.
Fix wrong order of dict entries.
I fixed a bug where the order of dict entries was wrong which could lead to wrong decompilation results.
Cyber Security Rumble Finals CTF 2023 – elkcip – Writeup
I write about the challenge "elkcip" from Cyber Security Rumble Finals CTF 2023 and explain how I arrived at my solution, fix two bugs in "trailofbits/fickling" and investigate why some SAT/SMT solvers couldn't find a solution.
Insecure GitHub Actions
I spoke about insecure GitHub Actions workflows; why it is so important and what the most common problems are.
Afterwards, participants could try what they learned against small challenges, based on real-world bugs I've found.
Port gdb-tests from bash to python
I ported the old tests based on bash to python and also made them work on different locales.
Use prebuilt z3 package/binary
I improved spoon-dataflow to use a prebuilt z3 package instead of having to build it during CI, saving 20 minutes on a cache miss.
Identify correct fix for "improper authentication in Apache ShenYu Admin"
I identified the correct fix for "improper authentication in Apache ShenYu Admin" (CVE-2021-37580) in the GitHub advisory database.
