RT @aszx87410
Here is my writeup for an XSS challenge that requires the player to chain multiple vulns, including:
1. Prototype pollution
2. CSS injection on <meta>
3. Angular CSP bypass new gadget
4. DOM clobbering

Some tricks are classic and some are new

RT @stdnoerr
A blog about my first eBPF CTF challenge. Learned so much that I wanted to document it. Writeups and exploits by @_manfp, @n0psledbyte and @chompie1337 helped a lot in understanding things

RT @mehunhoff
🚨 Today we're excited to release Ghidrathon, a Ghidra extension that adds modern Python 3 scripting (including Python 3.10) to Ghidra!

Blog 👉
GitHub 👉

RT @Bugcrowd
Can you popup an alert?😉

📣DM us a screenshot once complete
📣100 likes & we'll release a hint

15 winners⤵️
🥇5 winners: hoodies
🥈5 winners: t-shirts
🥉5 winners: stickers + glasses

GO 👉
Challenge by @MRCodedBrain

RT @linkersec
CoRJail: From Null Byte Overflow To Docker Escape Exploiting poll_list Objects In The Linux Kernel

D3v17 published an article describing the solution of their @cor_ctf challenge CoRJail.

Obviously! There had to be "smart ones" who only accept emails from and from 🤦‍♂️

F2ABE80249: to=<>,[]:25, status=deferred (host[] refused to talk to me: 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

RT @0vercl0k
I just released the source code of Paracosme: a zero-click remote memory corruption exploit I demonstrated at Pwn2Own 2022 Miami 🐛🐜🪲

RT @aszx87410
Here is my writeup for a challenge called modernweb, it's a very cool challenge about a new way to leverage DOM clobbering