🐳 Looking at your projects for Security Vulnerabilities.
  • HUMAN Security
  • Boston, MA
  • 13:27 (UTC -05:00)
  • Twitter @JLLeitschuh

Sponsors

@nuvs
@indeedeng

Sponsoring

@sindresorhus
@kasecato

Organizations

@diffplug @gwizard @WPIRoboticsProjects @wpilibsuite @GradleWeaver @GitHub-Stars
JLLeitschuh/README.md


Hi There!

My name is Jonathan Leitschuh and I'm an Open Source Software Security Researcher. I'm also a GitHub Star, GitHub Security Ambassador, & the first ever Dan Kaminsky Fellow @ HUMAN Security. I'm also a speaker at conferences like ShmooCon, BSides CT, BSides LV, Black Hat, & DEFCON. I'm fortunate to have been featured by GitHub's README project!

If you'd like to get in touch, the best way is to DM Me on Twitter @JLLeitschuh.

Public Vulnerability Research

Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

Abstract

Imagine a world where a security researcher becomes aware of a security vulnerability, impacting thousands of Open Source Software (OSS) projects, and is enabled to both identify and fix them all at once. Now imagine a world where a vulnerability is introduced into your production code and a few moments later you receive an automated pull request to fix it. Hundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities aren't sexy, cool, or new, we've known about them for years, but they're everywhere!

The scale of GitHub and tools like CodeQL (GitHub's code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isn't useful, and would be even more of a burden on volunteer maintainers of OSS projects. Ideally, the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request.

When facing a problem of this scale, what is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution: automated bulk pull request generation. We'll discuss the practical applications of this technique on real-world OSS projects. We'll also cover technologies like CodeQL and OpenRewrite (a style-preserving refactoring tool created at Netflix and now developed by Moderne). Let's not just talk about vulnerabilities, let's actually fix them at scale.

This work is sponsored by the new Dan Kaminsky Fellowship; a fellowship created to celebrate Dan's memory and legacy by funding open-source work that makes the world a better (and more secure) place.

Recordings

Zoom 0-Day: How not to handle a Security Vulnerability Report

Abstract

Come hear the hilarious story of Zoom’s biggest security scandal, a bombshell 0-Day vulnerability, from the one who dropped it.

On July 8th, 2019, a 0-Day vulnerability was dropped on Zoom that disclosed how anyone could join a victim’s Mac to a video call simply by visiting a malicious website. As if that wasn’t enough, Zoom left behind a hidden daemon that would re-install the Zoom client after it had been uninstalled. The icing on the cake? A full blown RCE vulnerability.

From Zoom’s original claims that it was “not a vulnerability”, what happened behind the scenes, to their eventual fix, join to hear what we as security professionals can learn from this debacle. The press might have covered the disclosure, but the post-disclosure story is even more astonishing than anyone would ever expect.

Animations

Recordings

Pinned

  1. Program for rapidly developing computer vision applications

    Java 358 116

  2. A ktlint gradle plugin

    Kotlin 1.1k 141

  3. Convenience Kotlin API over the Google Guice DI Library

    Kotlin 17 6

  4. Adaptable, fast automation for all

    Groovy 14.3k 4.1k

  5. Official Repository of WPILibJ and WPILibC

    C++ 769 477

  6. Generate thousands of pull requests to fix widespread security vulnerabilities across GitHub.

    Python 28 13

1,465 contributions in the last year
