Hacker Newsnew | past | comments | ask | show | jobs | submit | pentestercrab's submissionslogin
1.
New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com)
1 point by pentestercrab 5 months ago | past
2.
Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
2 points by pentestercrab 6 months ago | past | 1 comment
3.
Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
3 points by pentestercrab 7 months ago | past
4.
RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems)
1 point by pentestercrab 8 months ago | past
5.
CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com)
1 point by pentestercrab 8 months ago | past
6.
Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com)
1 point by pentestercrab 8 months ago | past
7.
PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com)
1 point by pentestercrab 8 months ago | past
8.
Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com)
2 points by pentestercrab 8 months ago | past
9.
Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog)
2 points by pentestercrab 8 months ago | past
10.
JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com)
3 points by pentestercrab 8 months ago | past
11.
Chosen-Prefix Collisions on AES-Like Hashing (iacr.org)
2 points by pentestercrab 8 months ago | past
12.
Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com)
2 points by pentestercrab 8 months ago | past | 1 comment
13.
Ruby's String Slice is Broken (nastystereo.com)
3 points by pentestercrab 9 months ago | past | 2 comments
14.
Evaluate Markdown code blocks within Vim (github.com/gpanders)
68 points by pentestercrab 9 months ago | past | 18 comments
15.
SQL Injection Polyglot Payloads (nastystereo.com)
1 point by pentestercrab 9 months ago | past
16.
Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
2 points by pentestercrab 10 months ago | past | 1 comment
17.
Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
4 points by pentestercrab 10 months ago | past
18.
Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io)
1 point by pentestercrab on June 27, 2024 | past
19.
nastystereo.com (nastystereo.com)
1 point by pentestercrab on June 27, 2024 | past
20.
A Single File Ruby on Rails Application (molnar.io)
3 points by pentestercrab on May 27, 2024 | past | 4 comments
21.
Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io)
3 points by pentestercrab on May 3, 2024 | past
22.
Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com)
3 points by pentestercrab on April 30, 2024 | past
23.
Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com)
2 points by pentestercrab on March 14, 2024 | past
24.
Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net)
2 points by pentestercrab on Jan 29, 2024 | past
25.
Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator (elttam.com)
1 point by pentestercrab on Jan 23, 2024 | past
26.
Talkback – infosec resource aggregator of news and research (talkback.sh)
2 points by pentestercrab on March 31, 2023 | past
27.
PHP filter chains: file read from error-based oracle (synacktiv.com)
1 point by pentestercrab on March 23, 2023 | past
28.
PHP Development Server <= 7.4.21 – Remote Source Disclosure (projectdiscovery.io)
1 point by pentestercrab on Jan 29, 2023 | past
29.
Viewing Secrecy Through “Blank Spots on the Map” (2009) (fas.org)
4 points by pentestercrab on Jan 22, 2023 | past
30.
The search for the “perfect” Advent Calendar (2018) (jgc.org)
1 point by pentestercrab on Dec 8, 2022 | past

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: