I am a security researcher at GitHub, where I find and disclose vulnerabilities in open source software, and publish my research as advisories and blog posts.
Check out some of my blog posts:
- CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
- CodeQL zero to hero part 2: getting started with CodeQL
- CodeQL zero to hero part 3: security research
- CodeQL zero to hero part 4: Gradio case study
- CodeQL zero to hero part 5: debugging queries
All supplementary queries, challenges and instructions for the CodeQL zero to hero blog posts are available in the codeql-zero-to-hero repo.
I've found 80+ CVEs. Most of my advisories are published on GitHub Security Lab's website, together with other great researchers from GitHub. Check out our work at securitylab.github.com/advisories.