Here's my repository of Sourcegraph scripts: https://t.co/OLymssEug8. Sourcegraph is a great way to find vulns like RCE, XSS, and improper deserialization in GitHub repos. The scripts allow you to download files from Sourcegraph results and to run static analysis tools on them

😀 I am starting a fundraise for @picoctf. PicoCTF is free to everyone, and costs about $500k a year (🙀) to run. If you've had a positive experience with pico, please reply or DM. I'll use it in my fundraise pitch. Pls RT for awareness. #ctf #hacking

Finally arrived today! #flareon8

#flareon8 The hall of fame for this year is live. Congrats everybody, prizes start shipping this week.

🎉To celebrate the release of the Free Edition, here's a thread of some cool stuff you can do with REVEN ⬇️

The CrackMe challenge is on, good luck to everyone! https://t.co/6dU8O0wMIq

My writeup for #flareon8 task 9:

First time completed all challenges. Still wondering how the challenge #9 code was written to give me so much suffering. Waiting to see various write-ups. #flareon8

🔥 New video about #browser security available 🔴 You will learn how to: - Download Firefox ASAN - Hook @firefox with Frida - List all Firefox modules & exports functions - Hook methods & print HTTP traffic - Create in-process fuzzing @fridadotre script https://t.co/l2VMIAnph0

Finally, here is the blog for the prototype pollution research we did. "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild https://t.co/jsShZGlgKB

Challenge 7 completed. The best challenge so far! #flareon8

New Advisory: Use-After-Free in the Android ION Allocator - with commentary by @gymiru on why we are publishing a 0-day (hint: Google's own advertised disclosure policy goals)

It has been silence about TastelessCTF'21 for a while! Thus, time for announcements: 1) For maximum challenge quality and CTF experience, we reduced the playtime to 24h! New start time: Oct 2nd 13:00 UTC! 2) Vet your gamehacking skills! We will present "Tasteless Shores" to you!

Challenge #5 was anything but reversing. Anyway, that's done and dusted. Now, will do #6 over the weekend. #flareon8

People are trolling about level 3 but it is a nice challenge #flareon8

我发现主流的Git和Svn泄露利用工具存在极大的安全漏洞。 服务器可以构造恶意的文件名，利用路径穿越漏洞反制黑客，如果幸运的话可以拿到黑客电脑的权限。 经过测试，市面上公开的工具几乎*全军覆没* 详细的分析和POC生成方法以及测试结果已发在我的blog中↓ https://t.co/heMx4tK51c

yarh- for some reason on win11 the SAM file now is READ for users. So if you have shadowvolumes enabled you can read the sam file like this: I dont know the full extent of the issue yet, but its too many to not be a problem I think.

One year ago #SigRed (CVE-2020-1350) was patched. The RCE vulnerability allows an attacker to gain access as Domain Admin and own the entire network. Read our writeup on the the first public exploit from our very own @chompie1337!

Introducing DOM Invader: DOM XSS just got a whole lot easier to find https://t.co/ZaQblsLNVF