RyotaK (@ryotak.net) — bluesky.baby

Clone2Leak: Your Git Credentials Belong To Us Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at GMO Flatt Security Inc. In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise...

I published a blog post about six vulnerabilities in Git/GitHub-related projects. They all result in credential leakage when cloning a malicious repository, so be sure to update the Git installation!

flatt.tech/research/pos...

27.01.2025 10:54 👍 8 🔁 1 💬 0 📌 0

Thank you so much for reading it!

10.12.2024 04:08 👍 0 🔁 0 💬 0 📌 0

Thank you for reading it ;)

07.12.2024 12:38 👍 0 🔁 0 💬 0 📌 0

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...

If you're interested in the technical details, I wrote the blog post here: flatt.tech/research/pos...

For the further details, please check out the announcement from the OpenWrt team: lists.openwrt.org/pipermail/op... (2/2)

07.12.2024 09:47 👍 17 🔁 8 💬 0 📌 1

[PSA]
If you're using OpenWrt router and have used the Attended sysupgrade, firmware-selector.openwrt[.]org or CLI upgrade previously, I recommend you to re-flash your firmware.

Due to a security issue, it was possible to pollute the firmware images delivered to these tools. (1/2)

07.12.2024 09:47 👍 9 🔁 2 💬 1 📌 0

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...

OpenWrtのビルド用サーバーに脆弱性を報告しました。

Attended sysupgrade、firmware-selector.openwrt[.]orgあるいはCLIからのアップグレードを過去に実施した場合、改ざんされたファームウェアが配信された可能性が完全には否定できないため、ファームウェアの再更新を推奨します。

技術的解説についてはこちらの記事をご確認ください。 flatt.tech/research/pos...

公式からの発表はこちらをご覧ください。 lists.openwrt.org/pipermail/op...

07.12.2024 09:46 👍 9 🔁 2 💬 0 📌 0

そのうちやる: BlueskyとTwitterの自動ポスト

27.11.2024 12:39 👍 0 🔁 0 💬 0 📌 0

ねむ

13.02.2024 07:11 👍 1 🔁 0 💬 0 📌 0

[びじゅチューン！] 何にでも牛乳を注ぐ女 | NHK 「びじゅチューン！」は放送後1週間見逃し配信をしています！https://www.nhk.jp/p/bijutune/ts/MPPMVRL98N/plus/?cid=dchk-yt-1912-126-st発想の源はフェルメール「牛乳を注ぐ女」。絵の中の女が注いでいる牛乳が、やけに細く描かれている。これは料理の仕上...

www.youtube.com/watch?v=pia0...

13.02.2024 04:57 👍 2 🔁 2 💬 0 📌 1

ねこぱっぱ

13.02.2024 04:41 👍 2 🔁 2 💬 0 📌 0

Bluesky、まだフェデレーションできないのか

13.02.2024 03:03 👍 0 🔁 0 💬 0 📌 0

Dynamicな波

13.02.2024 02:29 👍 5 🔁 2 💬 0 📌 0

UnstableなTableはかなり嫌だな

13.02.2024 02:32 👍 2 🔁 0 💬 0 📌 0

StableなTable

12.02.2024 13:55 👍 8 🔁 2 💬 0 📌 0

オヤジギャグ系エンジニアであるところの @ryotak.net

12.02.2024 13:28 👍 1 🔁 1 💬 0 📌 0

@ryotak.net 「だいぶTwitterだなぁ」
@ryotak.net 「『だいぶTwitter』の『ﾀﾞｲﾌﾞﾂ』の部分」

12.02.2024 13:28 👍 1 🔁 2 💬 0 📌 0

だいぶTwitterの大仏の部分 by RyotaK

12.02.2024 13:28 👍 1 🔁 2 💬 0 📌 0

じゃああねてあさんは邪悪の悪で

12.02.2024 13:25 👍 2 🔁 0 💬 0 📌 1

独自ドメインヨシ！

12.02.2024 13:20 👍 2 🔁 0 💬 0 📌 1

RyotaK

Latest posts by RyotaK @ryotak.net