HexRabbit

@h3xr4bb1t

CTF pwnable / gamer / anime

Taiwan
Joined: February 2019

Tweets

  1. Retweeted
    Feb 5

    Wait, the Hex-Rays site has changed a ton; where did that page that looked like plain 2000s HTML go?

  2. Retweeted
    Feb 1

    Attention CTF players (and organizers), CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. Make sure to update!

  3. Retweeted
    Jan 23

    Ok let's close the script. That can't possibly work right? <script> x = '<!--<script>' </script>/-alert(1) </script>

  4. Retweeted
    Jan 12

    Check out 's great writeup on md15 from CTF ( - you rock!) - . Interesting point: if we run this on WSLv1, it immediately fails (due to different behavior in the loader) on the whole point of the chg, revealing everything ;)

  5. Retweeted
  6. Retweeted
    Jan 10

    Old news, but just for fun - the fact that the XMMs registers aren't reset (by the calling convention) is quite useful for pwns in CTFs. And not only for controlled data or heap addresses, libc as well ;) (Highly depends on compilation flags and distributions, of course)

  7. Retweeted
    Dec 21, 2019

    Pwning VMWare, Part 1: RWCTF 2018 Station-Escape

  8. Retweeted
    Dec 22, 2019
  9. Retweeted
    Dec 18, 2019

    Today’s episode is about a typical race condition with file paths. Haxember #18 File Path Race Condition & How To Prevent It

  10. Retweeted
    Dec 15, 2019
  11. Dec 13, 2019
  12. Retweeted
    Dec 5, 2019

    Challenge 👉🏻 DM me if you solved it :)

  13. Retweeted
    Nov 30, 2019

    Here is a recent writeup that I did. It's not as in-depth as I want. I'll write a definitive guide for hunting these bugs starting with 0 knowledge when I'm home in a few weeks. I'll also upload all my pocs to github, including recent bugs. I'm pissed. Bye

  14. Retweeted
    Nov 21, 2019
  15. Retweeted

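    Ever since I opened my DMs, someone had been sending me a Pokédex entry every day, but the updates stopped last Thursday after they told me about Charmander. I was a little worried, but it turned out they had just come to their senses.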

  16. Retweeted
    Oct 31, 2019

    I published my slides at CODE BLUE 2019: "Let's Make Windows Defender Angry: Antivirus can be an oracle!" This presentation is a summary of works on AVOracle for these half years, and I presented a new use of Windows Defender as a file modifier. Enjoy!

  17. Retweeted
    Oct 27, 2019

    Research went better than expected. No manual work was involved in creating this screenshot. All type information was automatically generated and automatically applied to a freshly-created database.

  18. Oct 24, 2019

    My writeup for CTF I solved challenge "Baby Kernel 2" and "Teen Kernel"

  19. Retweeted
    Oct 18, 2019
    Replying to

    And for digging deeper there's the Mojo bindings for javascript that are fun to play with:

  20. Retweeted
    Oct 13, 2019

    🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌 🏃 🚌💨🏃 💨 🏃 🏃 🚶 🚶‍♂️oh fuck I missed the bus
