Recent Posts

• New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails
  by pentestercrabon 3/5/2025, 5:00:39 AM with 0 comments
• Escaping Ruby's Gem:SafeMarshal Sandbox
  by pentestercrabon 1/10/2025, 5:14:34 PM with 1 comment
• Escaping Ruby's Gem:SafeMarshal Sandbox
  by pentestercrabon 12/26/2024, 5:30:27 AM with 0 comments
• RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte
  by pentestercrabon 12/7/2024, 6:22:37 AM with 0 comments
• CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons
  by pentestercrabon 12/3/2024, 5:38:59 PM with 0 comments
• Shiny Vulnerabilities in R's Most Popular Web Framework
  by pentestercrabon 12/2/2024, 3:54:15 PM with 1 comment
• PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos
  by pentestercrabon 11/27/2024, 4:16:25 PM with 0 comments
• Cross-Site Post Requests Without a Content-Type Header – CSRF Attack
  by pentestercrabon 11/27/2024, 9:28:30 AM with 0 comments
• Execute commands by sending JSON? Ruby deserialization vulnerabilities
  by pentestercrabon 11/25/2024, 7:44:32 AM with 0 comments
• JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review
  by pentestercrabon 11/25/2024, 6:45:10 AM with 0 comments
• Chosen-Prefix Collisions on AES-Like Hashing
  by pentestercrabon 11/25/2024, 6:01:51 AM with 0 comments
• Ruby 3.4 Universal RCE Deserialization Gadget Chain
  by pentestercrabon 11/25/2024, 5:29:51 AM with 1 comment
• Ruby's String Slice is Broken
  by pentestercrabon 11/4/2024, 6:28:52 AM with 1 comment
• Evaluate Markdown code blocks within Vim
  by pentestercrabon 10/26/2024, 12:08:29 PM with 11 comments
• SQL Injection Polyglot Payloads
  by pentestercrabon 10/22/2024, 3:08:06 PM with 0 comments
• Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall
  by pentestercrabon 10/1/2024, 1:57:41 AM with 1 comment
• Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall
  by pentestercrabon 9/27/2024, 7:21:09 AM with 0 comments
• Fuzz Map – fuzzer for GUIs that automatically builds a visual map
  by pentestercrabon 6/27/2024, 7:21:46 PM with 0 comments
• nastystereo.com
  by pentestercrabon 6/27/2024, 7:06:25 PM with 0 comments
• A Single File Ruby on Rails Application
  by pentestercrabon 5/27/2024, 4:22:42 PM with 1 comment
• Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402
  by pentestercrabon 5/3/2024, 4:23:16 PM with 1 comment
• Judge0 Sandbox Escape – allows obtaining root permissions
  by pentestercrabon 4/30/2024, 2:37:36 AM with 0 comments
• Discovering Deserialization Gadget Chains in Rubyland
  by pentestercrabon 3/14/2024, 12:41:36 AM with 0 comments
• Blind CSS Exfiltration: exfiltrate unknown web pages
  by pentestercrabon 1/29/2024, 9:33:16 AM with 0 comments
• Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator
  by pentestercrabon 1/23/2024, 5:45:50 AM with 0 comments
• Talkback – infosec resource aggregator of news and research
  by pentestercrabon 3/31/2023, 5:13:28 AM with 0 comments
• PHP filter chains: file read from error-based oracle
  by pentestercrabon 3/23/2023, 4:15:35 AM with 0 comments
• PHP Development Server <= 7.4.21 – Remote Source Disclosure
  by pentestercrabon 1/29/2023, 12:57:01 PM with 0 comments
• Viewing Secrecy Through “Blank Spots on the Map” (2009)
  by pentestercrabon 1/22/2023, 3:24:19 AM with 0 comments
• The search for the “perfect” Advent Calendar (2018)
  by pentestercrabon 12/8/2022, 3:35:23 AM with 0 comments
• RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  by pentestercrabon 12/7/2022, 2:32:29 AM with 0 comments
• Reverse Branch Target Buffer Poisoning – New ASLR Bypass via CPU Vulns [pdf]
  by pentestercrabon 11/4/2022, 7:44:35 AM with 0 comments
• The latest OpenSSL vulns were added fairly recently
  by pentestercrabon 11/2/2022, 3:13:52 PM with 16 comments
• Ask HN: How are you, a dev/programmer, preparing for climate change?
  by pentestercrabon 10/12/2022, 3:44:29 AM with 2 comments
• It Pays to Be Circomspect
  by pentestercrabon 9/15/2022, 4:02:10 AM with 1 comment
• Attacking Firecracker: AWS' MicroVM Monitor Written in Rust
  by pentestercrabon 9/8/2022, 4:20:36 PM with 8 comments
• Multiple vulnerabilities in Nuki smart locks
  by pentestercrabon 7/25/2022, 11:58:02 AM with 0 comments
• Golang Code Review Notes by Elttam
  by pentestercrabon 6/30/2022, 6:38:07 AM with 0 comments
• Notes on OpenSSL remote memory corruption by Guido Vranken
  by pentestercrabon 6/27/2022, 6:03:16 AM with 4 comments
• ESP-IDF Setup Guide – Setting up an environment for ESP32 vulnerability research
  by pentestercrabon 6/6/2022, 6:28:08 AM with 0 comments
• Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x
  by pentestercrabon 4/13/2022, 3:22:57 AM with 0 comments
• Git honours embedded bare repos and exploitation via core.fsmonitor
  by pentestercrabon 4/13/2022, 3:13:09 AM with 0 comments
• Ruby Deserialization Exploitation – New Gadget Chain for Ruby on Rails
  by pentestercrabon 3/29/2022, 12:57:37 AM with 0 comments