June 1, 2021 | 08:13
Reading-Time: ca. 1 Min

Use Git! Publish Git-Repositories!

Many PoCs appear as textfiles with references to company websites or blogs. Reverse engineer Axel Souchet publishes his PoCs in a way I find more convenient and much better: As a git repository. Here his latest release on CVE-2021-28476 from a few hours ago, how via RCE a guest can breakout of a HyperV environment1.

The further course of a publication is not less exciting, if to be learned and understood. And there are always questions or additions to something. As an example in the screenshot below the commits of an older PoC to CVE-2019-9810 from last year2.

Screenshot of commits

Only the fact that Microsoft GitHub is used as a hosting platform leaves a bad taste. With Codeberg.org there is a small, non-commercial and donation-funded alternative without collecting behavioural data3.

Creating your own Gitea instance is not witchcraft either, at least not for developers and techies4. The web interface makes it easy to use even for non-techies. Git is the best way to deal with complex processes with multiple participants and stakeholders in a transparent and traceable way. Hence my encouragement:

Use Git! Publish Git-Repositories!

Tomas Jakobs

  1. https://github.com/0vercl0k/CVE-2021-28476 ↩︎

  2. https://github.com/0vercl0k/CVE-2019-9810/commits/master ↩︎

  3. https://codeberg.org/ ↩︎

  4. https://blog.jakobs.systems/blog/gitea-statt-github/ ↩︎

© 2021 Tomas Jakobs - Imprint and Legal Notice