Michael Stepankin
@artsploit.com
📤 188
📥 49
📝 1
Security Researcher at GitHub Security Lab, ex Portswigger.
https://artsploit.blogspot.com/
reposted by
Michael Stepankin
GitHub Security Lab
about 2 months ago
What if attackers could hijack your coding agent through a simple GitHub issue? Prompt injections are a real and growing threat for VS Code Copilot Agent. Learn how these attacks work and how you can defend your environment. Read the full research:
github.blog/security/vul...
loading . . .
Safeguarding VS Code against prompt injections
See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
0
5
2
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more!
github.blog/security/vul...
9 months ago
1
28
16
reposted by
Michael Stepankin
ϻг_ϻε
11 months ago
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy! Remote Code Execution with Spring Properties ::
srcincite.io/blog/2024/11...
loading . . .
Remote Code Execution with Spring Properties
Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...
https://srcincite.io/blog/2024/11/25/remote-code-execution-with-spring-properties.html
1
76
38
reposted by
Michael Stepankin
James Kettle
11 months ago
How's your day going?
2
26
2
you reached the end!!
feeds!
log in