Protected: HttpOnly vs SameSite vs Secure / CSP
There is no excerpt because this is a protected post.
Proudly powered by WordPress
Theme: razia by ashathemes.
Protected: random
There is no excerpt because this is a protected post.
[wolvctf] writeup(s)
https://ctftime.org/event/2240 I participated wolvctf as the KUICS team and scored 15th among 622 teams. Sanity Check wctf{4_c0py_4nd_p4s+3_r4c3} [rev] doubledelete’s revenge wctf{i_th1nk_y0u_m1sund3rst00d_h0w_r0t13_w0rk5} Value: 100 Solve Count: 105 Description: The notorious WOLPHV group has re-emerged and doubledelete is now ransoming us for our flags! Can you help us so we don’t have to pay them? https://github.com/WolvSec/WolvCTF-2024-Challenges-Public/tree/master/rev/doubledeletes_revenge The.
[dreamhack] captain-hook writeup
https://dreamhack.io/wargame/challenges/51 import frida import sys def on_message(message, data): print(message) # JavaScript code to be injected jscode = “”” var file = new File(“dump.txt”, “a”) //hook GdipSetSmoothingMode, add counter and print out counter each when it get called var counter = 0; const base = Module.findBaseAddress(‘CaptainHook.exe’) Interceptor.attach(Module.findExportByName(null, “GdipSetSmoothingMode”), { onEnter: function(args) { counter++; //console.log(“GdipSetSmoothingMode called: “.
Cracking Viginere Cipher
Vigenere Cipher Viginere cipher is a polyalphabetic cipher that encrypts by setting a period based on the key length. Therefore, when the cipher was first developed it was assumed that it would be safe from frequency attacks. However, when an attacker can guess the key length, it is no longer safe from frequency attacks. Guessing.
[CVE-2023-5757] How I found Stored XSS from 100K+ downloaded plugin
Back in October 2023, I was working on finding vulnerabilities in WordPress plugins. Among one of them, I found a vulnerability from WP Crowdfunding which had a 100K + download. It was a Stored XSS vulnerability that occurs in WP Crowdfunding version <= 2.1.8. What is WP Crowdfunding? WP Crowdfunding is a plugin that enables.
[SEEDLAB] SYSTEM SECURITY WRITEUP (Shellcode and Buffer Overflow) #10
First of all, some steps needs to bone to do tasks Disabling ASLR Linking /bin/zsh to /bin/sh Preparing vulnerable stack.c Task1: Exploiting the Vulnerability with BOFStep1. Constructing the content of badfile Following is the part where buffer overflow occurs: buffer address is required to exploit it. by looking at assembly, it can know that buffer.
[SEEDLAB] SYSTEM SECURITY WRITEUP (Environment Variables) #9
Task 1 – Passing Environment Variables from Parent Process to Child ProcessStep 1. Compile and run the following program && Step 2. Comment out the printenv() in thechild process (Line ②) Step 3. Compare the difference of these two files using diff command. They are both the same file. The reason why this is happening.
[SEEDLAB] SYSTEM SECURITY WRITEUP (Set-UID, Capability Leaking) #8
Task 1. Invoking External Program Using a system() vs an execve() Step 1. Environmental setup to bypass some mitigations The default /bin/sh is linked to /bin/dash. However, /bin/dash lowers the privilege even if the program is Set-UID. Hence for the tasks, I will link /bin/sh to /bin/zsh. Step 2. Compile the below program, make it.
[SEEDLAB] WEB SECURITY WRITEUP (XSS Lab Site) #7
Task 1: Posting a Malicious Message to Display an Alert Window It is a task that performs Stored XSS. Since Samy is an attacker, I signed up with Samy’s account: Edit profile page is as follows: The page allows editing HTML directly by “Edit HTML”. However, this feature does not sanitize any strings so it.