-
Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x
-
ExifTool CVE-2021-22204 - Arbitrary Code Execution
-
SerenityOS - Writing a full chain exploit
-
Universal Deserialisation Gadget for Ruby 2.x-3.x
-
GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty
-
GitHub Gist - Account takeover via open redirect - $10,000 Bounty
-
GitHub - RCE via git option injection (almost) - $20,000 Bounty
-
movcode - Tasteless CTF 2020
-
BountyPay - HackerOne's H1-2006 CTF
-
Secure Boot - Google CTF 2019 Quals
-
JIT - Google CTF Quals 2019
-
xtore - Security Fest 2019
-
p4fmt - CONFidence CTF 2019 Teaser
-
CVE-2018-4360 - WebKit Information Leak with DOMMatrix.invertSelf
-
echoechoechoecho - Insomni'hack Teaser 2019
-
1118daysober - Insomni'hack Teaser 2019
-
Green Computing - hxp CTF 2018
-
q-escape - SECCON 2018
-
internet_of_seat - SECCON 2018
-
PLC - CSAW Quals 2018
-
Turtles - CSAW Quals 2018
-
Execve Sandbox - Google CTF 2018
-
SFTP - Google CTF 2018
-
retter - RCTF 2018
-
r-cursive - RCTF 2018
-
amp - RCTF 2018
-
Note Oriented Programming - DEF CON CTF Qualifier 2018
-
shellql - DEF CON CTF Qualifier 2018
-
vectors - Blaze CTF 2018
-
blazefox - Blaze CTF 2018
-
blazeme - Blaze CTF 2018
-
Sunshine CTF 2018
-
TP-Link Archer C9 - Admin Password Reset and RCE (CVE-2017-11519)
-
Pyzzeria - polictf 2017
-
Start Hard - ASIS CTF Quals 2017
-
Integrity - 0CTF 2017 Quals
subscribe via RSS