@davidgl profile picture
David Leadbeater @davidgl

Open Source Software Engineer 👨‍💻 and Security. Mostly post at 🐘 infosec.exchange/@dgl

Joined April 2008
  • Tweets 132
  • Following 402
  • Followers 317
1 Photos and videos
You have a bash command line of "exec program ..." and you control "..." can you make it do something different? What if it is somewhat sanitised for shell metacharacters? If you can inject $[ ] it will make bash error on that line and run the next. 👀 dgl.cx/2025/10/bash-a-newlin…
153
I'll be speaking at BSides Canberra: cfp.bsidescbr.com.au/bsides-… -- this will cover my recent find of an RCE in Git (dgl.cx/2025/07/git-clone-sub…) and how that and some other vulnerabilities could be used against developers.

1
2
335
New blog post: Ghostty 1.0.0 terminal security; dgl.cx/2024/12/ghostty-termi… (CVE-2024-56803)
1
4
200
David Leadbeater retweeted
GR Open Source Software@oss_gr
5 Oct 2023
Latest write up from @davidgl detailing his research into terminal escapes and the 10 ‼️ @NISTcyber CVEs that had potential for remote code execution. @defcon @MSFTBlueHat @_everythingopen @linuxaustralia @linuxfoundation #opensource #cybersecurity gresearch.com/blog/article/g…

Unexpected Behaviour In Command Line Interfaces | G-Research

At G-Research we have many developers using different tools for their work, and this includes many different terminals. Our open source team decided it was worth spending time looking for security...

gresearch.com
3
1
338
For once a non-security terminal thing. I'm sure someone else has written this but I couldn't find it; here's a simple script that makes commit IDs in "git log" clickable (in many terminals): gist.github.com/dgl/ef848e75…
1
3
483
Thank you to everyone who attended my @_everythingopen talk, with more of my terminal research. I've published the Docker image PoC that I demoed, see infosec.exchange/@dgl/110019…

David Leadbeater (@dgl@infosec.exchange)

Thank you to everyone who attended my @everythingopen@fosstodon.org talk. I've published the Docker image that I demoed which can be used to test whether you're vulnerable to the kubectl issue...

infosec.exchange
3
6
436
David Leadbeater retweeted
Microsoft BlueHat
@MSFTBlueHat
9 Feb 2023
David Leadbeater @davidgl from G-Research has taken the #BlueHat stage for his talk: Houdini of the Terminal.
David Leadbeater

ALT David Leadbeater

1
2
12
1,434
David Leadbeater retweeted
Microsoft BlueHat
@MSFTBlueHat
5 Feb 2023
📣 Speaker Announcement 📣 David Leadbeater @davidgl, software engineer at G-Research, will be speaking at #BlueHat this week. David’s talk will explore over 20 years of terminal vulnerabilities, from attacks via Apache's log files to attacking via Kubernetes. 👏
BlueHat 2023: Meet Our Speakers Houdini of the Terminal: From Kubernetes to RCE David Leadbeater Software Engineer | G-Research Microsoft BlueHat: February 8-9, 2023

ALT BlueHat 2023: Meet Our Speakers Houdini of the Terminal: From Kubernetes to RCE David Leadbeater Software Engineer | G-Research Microsoft BlueHat: February 8-9, 2023
3
20
2,261
David Leadbeater retweeted
Graham Linehan
@Glinner
8 May 2012
Security tip for those about to appear on TV goo.gl/7YT1f

2
141
19
Wondering why twitter won't let me have a https:// url as my home page..
Load more