LightNews LightNews
artsploit.com
Michael Stepankin
@artsploit.com
190 followers 49 following 1 posts
Security Researcher at GitHub Security Lab, ex Portswigger. https://artsploit.blogspot.com/
artsploit.blogspot.com
Posts Media Videos Starter Packs
Reposted by Michael Stepankin
securitylab.github.com
GitHub Security Lab @securitylab.github.com · Aug 25
What if attackers could hijack your coding agent through a simple GitHub issue?

Prompt injections are a real and growing threat for VS Code Copilot Agent.

Learn how these attacks work and how you can defend your environment.

Read the full research: github.blog/security/vul...
Safeguarding VS Code against prompt injections
See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.
github.blog
2 5
artsploit.com
Michael Stepankin @artsploit.com · Jan 22
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! github.blog/security/vul...
1 16 28
Reposted by Michael Stepankin
steven.srcincite.io
ϻг_ϻε @steven.srcincite.io · Nov 26
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
srcincite.io
1 36 76
Reposted by Michael Stepankin
jameskettle.com
James Kettle @jameskettle.com · Nov 15
How's your day going?
2 2 26