@artsploit profile picture
Michael Stepankin @artsploit

Agent Security Engineer at @Google

Joined July 2014
  • Tweets 293
  • Following 570
  • Followers 6,972
24 Photos and videos
Prompt injections are a serious concern for VS Code Copilot Agent. Discover how attackers can create GitHub issues with harmful instructions and find out how to protect the coding agent effectively. github.blog/security/vulnera…

Safeguarding VS Code against prompt injections

See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.

github.blog
1
6
10
1,492
The curious case of exploiting locally running web app securitylab.github.com/advis…

GHSL-2024-188_GHSL-2024-191: Several vulnerabilities in Deluge BitTorrent client - CVE-2025-46561,...

The WebUI component of Deluge is vulnerable to SSRF, unauthenticated arbitrary file read and limited file write. The Deluge client is vulnerable to software update spoofing.

securitylab.github.com
3
6
920
Michael Stepankin retweeted
watchTowr
@watchtowrcyber
20 Mar 2025
The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. labs.watchtowr.com/by-execut…

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication...

It’s us again! Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in...

labs.watchtowr.com
4
53
168
23,448
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
7
80
296
30,460
Here is the blog post: github.blog/security/vulnera…

Attacks on Maven proxy repositories

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local...

github.blog
18
58
4,423
Hyped to speak at @ekoparty in November!
Ekoparty | Hacking everything
@ekoparty
2 Oct 2024
Replying to @ekoparty
1
4
25
2,812
Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is the one of the craziest and fruitful research projects I've done in my career.
3
3
43
3,513
Michael Stepankin retweeted
Martin Doyhenard@tincho_508
9 Aug 2024
So happy to had the chance to present for second time at #BlackHat USA! I’m already receiving a lot of messages from people using these techniques to get some nice bounties! If you want to learn more about cache exploitation, the research is available at portswigger.net/research/got…

Gotta cache 'em all: bending the rules of web cache exploitation

Through the years, we have seen many attacks exploiting web caches to hijack sensitive information or store malicious payloads. However, as CDNs became more popular, new discrepancies between propriet

portswigger.net
3
58
224
36,324
Kafka UI can be a juicy target for bug hunters, here is why: github.blog/2024-07-22-3-way…

3 ways to get Remote Code Execution in Kafka UI

In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

github.blog
1
25
68
7,101
Michael Stepankin retweeted
Source Incite@sourceincite
22 Jul 2024
Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: srcincite.io/blog/2024/07/21…
44
140
18,031
We take pet’s security seriously!
publiclyDisclosed@disclosedh1
25 Jun 2024
Mars disclosed a bug submitted by @0xdr34m14: hackerone.com/reports/231347… #hackerone #bugbounty
1
6
1,543
Michael Stepankin retweeted
GitHub Security Lab
@GHSecurityLab
20 Jun 2024
🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: github.blog/2024-06-20-execu… Stay safe and code responsibly! 🛡️💻

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby...

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog...

github.blog
20
46
5,004
Michael Stepankin retweeted
Charles Fol@cfreal_
27 May 2024
The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext
Ambionics Security@ambionics
27 May 2024
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) ambionics.io/blog/iconv-cve-…
8
58
170
30,518
Michael Stepankin retweeted
Man Yue Mo@mmolgtm
18 Mar 2024
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gaini…

Gaining kernel code execution on an MTE-enabled Pixel 8

In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this...

github.blog
8
146
410
97,165
Michael Stepankin retweeted
shubs
@infosec_au
3 Feb 2024
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/resea…

Ivanti's Pulse Connect Secure Auth Bypass Round Two

The Ivanti excitement continues! After an authentication bypass and command injection to kick off the year, Ivanti are following with a second authentication bypass and a privilege escalation. On...

assetnote.io
3
86
351
32,789
Michael Stepankin retweeted
Alvaro Muñoz@pwntester
30 Nov 2023
Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️ github.blog/2023-11-30-secur… #CodeReview

1
18
63
10,508
Michael Stepankin retweeted
Man Yue Mo@mmolgtm
17 Oct 2023
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-getti…
6
97
311
57,812
Michael Stepankin retweeted
Kev@kevin_backhouse
9 Oct 2023
Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.
0:10
8
103
371
128,677
Michael Stepankin retweeted
pyn3rd
@pyn3rd
13 Sep 2023
#CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
3
105
365
38,543
Some ideas on how to attack and protect mTLS and certificate authentication in my recent blogpost
GitHub Security Lab
@GHSecurityLab
21 Aug 2023
Unravel some hidden vulnerabilities in mTLS systems with @artsploit. As presented at @BlackHatEvents and @defcon this year, the research is now available in our blog. gh.io/mtls-research
2
7
27
7,446
Load more