Featured Articles

WordPress Multisite on the Darknet (Mercator .onion alias)
Hardening Guide for phpList
Techlore Interview (BusKill, Interdiction, and OpSec)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Detecting (Malicious) Unicode in GitHub PRs
Crowdfunding on Crowd Supply (Review of my experience)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Why I was banned from GrapheneOS by Daniel Micay
previous arrow
next arrow

Detecting (Malicious) Unicode in GitHub PRs

By Michael Altfield, on November 22nd, 2021
Detecting Malicious Unicode in GitHub Pull Requests

This article will describe how you can utilize GitHub Actions to scan user-contributed PRs for unicode and automatically warn you if such commits contain (potentially invisible & malicious) unicode characters.

Why

Last month Trojan Source was published — which described how malicious unicode characters could make source code appear benign, yet compile to something quite malicious.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Detecting (Malicious) Unicode in GitHub PRs

One comment  

Re: The problem with wikipedia

By Michael Altfield, on April 24th, 2008

Alright, I’ve been working on my research paper (an attempt to document the history and differences, and an overall comparison between the Microsoft DirectX API and the SGI OpenGL API), so I’ve been caught in the inevitable wikipedia trap. Here was my path:

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Re: The problem with wikipedia

Leave a comment