Skip to content
View p-'s full-sized avatar
105 followers · 22 following

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Highlights

Organizations

@alphabotsec

Block or report p-

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
p-/README.md

👋 Hi, I’m Peter, also known as @p- or @ulldma. I'm a security researcher at the GitHub Security Lab. I've started out as a software engineer and have first hands experience what it means to protect applications against threats and fix vulnerabilities. I’m especially interested in vulnerabilities in implementations of authentication protocols and deserialization vulnerabilities. My main tool for querying and identifying vulnerabilities in source code is CodeQL.

Here are some authentication related vulnerabilities I've found:

Excerpt of some vulnerabilities due to unsafe deserialization I've found - covering 4 different programming languages (C#, Java, Ruby & Elixir):

  • CVE-2024-28213 - nGrinder vulnerable to unsafe Java objects deserialization
  • CVE-2022-36038 - Remote Code Execution (RCE) in CircuitVerse
  • CVE-2020-15150 - Paginator (for Elixir Ecto): Remote Code Execution Vulnerability
  • CVE-2018-8540 - Microsoft .NET Framework: Remote Code Injection Vulnerability

Pinned Loading

  1. socket-connect-bpf socket-connect-bpf Public

    Get live information about applications that make network requests (based on eBPF)

    C 44 8

  2. vscode-vyper vscode-vyper Public archive

    Vyper support for VS Code (alpha)

    TypeScript 20 7

  3. eclipse-keybindings eclipse-keybindings Public archive

    Eclipse editor keybindings for Atom

    CoffeeScript 16 9

  4. WebSocket-Client-Terminal WebSocket-Client-Terminal Public archive

    A graphical WebSocket Client Terminal written in Java.

    Java 15 2

  5. virtual-authenticators-tab virtual-authenticators-tab Public

    Forked from google/virtual-authenticators-tab

    Debug webauthn with a chrome extension that adds a virtual authenticators tab to devtools

    JavaScript

  6. nullcon-berlin-2023-workshop nullcon-berlin-2023-workshop Public

    Forked from github/vscode-codeql-starter

    Workspace + Codespace for Nullcon Berlin 2023 CodeQL workshop. Read README for setup instructions.

    CodeQL 4 2