In a previous blogpost, I wrote about a security bug I found in GitHub, which would have allowed an attacker to get write access to almost any public repository. As a quick recap:| Teddy Katz’s Blog
I’m a big fan of the “try weird stuff and see what happens” approach to security research. Modern software has a huge number of bugs, and engineering teams often have to prioritize which bugs to fix, based in part on the number of users affected by each bug. The result is that glaringly obvious bugs (say, a website being down) tend to get fixed very quickly. On the other hand, a bug that only occurs in exceedingly unusual circumstances, and has no obvious security impact, can stick arou...
GitHub has a useful feature called fork collaboration. It works as follows:
A few weeks ago, I found an interesting account takeover bug in a webserver. This is the type of issue where it’s not too difficult to spot that something is wrong, but it’s surprisingly complicated to create a working exploit, requiring several different attacks to be chained together. In the process, I also ended up learning a lot about modern cryptography algorithms.
For the past few years, security research has been something I’ve done in my spare time. I know there are people that make a living off of bug bounty programs, but I’ve personally just spent a few hours here and there whenever I feel like it.
Last December, I was invited to a private bug bounty program to test a beta version of GitHub Actions. GitHub Actions is a workflow automation tool integrated with GitHub. One common use case of GitHub Actions is for CI builds – a project can fairly easily start up a Docker container every time they push a commit (e.g.), and run their project’s tests in the container.