RT @aszx87410
Here is my writeup for an XSS challenge that requires the player to chain multiple vulns, including:
1. Prototype pollution
2. CSS injection on <meta>
3. Angular CSP bypass new gadget
4. DOM clobbering
5. CSRF

Some tricks are classic and some are new

blog.huli.tw/2022/08/29/en/int

RT @stdnoerr
A blog about my first eBPF CTF challenge. Learned so much that I wanted to document it. Writeups and exploits by @_manfp, @n0psledbyte and @chompie1337 helped a lot in understanding things
stdnoerr.github.io/writeup/202

RT @mehunhoff
🚨 Today we're excited to release Ghidrathon, a Ghidra extension that adds modern Python 3 scripting (including Python 3.10) to Ghidra!

Blog 👉 mandiant.com/resources/blog/gh
GitHub 👉 github.com/mandiant/Ghidrathon

RT @Bugcrowd
🚨CHALLENGE TIME🚨
Can you pop up an alert?😉

Rules⤵️
📣DM us a screenshot once complete
📣100 likes & we'll release a hint

15 winners⤵️
🥇5 winners: hoodies
🥈5 winners: t-shirts
🥉5 winners: stickers + glasses

GO 👉 bgcd.co/3PKAefZ
Challenge by @MRCodedBrain

RT @linkersec
CoRJail: From Null Byte Overflow To Docker Escape Exploiting poll_list Objects In The Linux Kernel

D3v17 published an article describing the solution of their @cor_ctf challenge CoRJail.

syst3mfailure.io/corjail

Obviously! There had to be some "smart" people who only accept emails from gmail.com and live.com 🤦‍♂️

F2ABE80249: to=<suporte.encarregadosedu@igefe.mec.pt>, relay=rmail4.rae.mec.pt[193.236.75.227]:25, status=deferred (host rmail4.rae.mec.pt[193.236.75.227] refused to talk to me: 554-rmail4.rae.mec.pt 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.)

RT @0vercl0k
I just released the source code of Paracosme: a zero-click remote memory corruption exploit I demonstrated at Pwn2Own 2022 Miami 🐛🐜🪲

github.com/0vercl0k/paracosme

RT @aszx87410
Here is my writeup for a challenge called modernweb, it's a very cool challenge about a new way to leverage DOM clobbering

blog.huli.tw/2022/08/21/en/cor
