I am a security researcher at GitHub, where I find and disclose vulnerabilities in open source software, and publish my research as advisories and blog posts.
Check out some of my blog posts:
- CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research. Link to the challenges accompanying the blog post
- CodeQL zero to hero part 2: getting started with CodeQL. Link to the challenges accompanying the blog post
- CodeQL zero to hero part 3: security research. Link to the challenges accompanying the blog post
- CodeQL zero to hero part 4: Gradio case study. Link to the challenges accompanying the blog post
Most of my advisories are published on GitHub Security Lab's website, alongside those of other great researchers from GitHub. Check out our work at securitylab.github.com/advisories.