Shop is closed! We hope you had a lot of fun playing this year’s Hack.​lu CTF! Congratulations to everybody who solved challenges and especially the winners: 🥳 Congrats to the winners! 🎉 💪 🥇 @kalmarunionenDM 🥈 @justCatTheFish 🥉 @0rganizers https://t.co/e8nHgLE8B8

Hej! We are thrilled to announce @hack_lu CTF 2025 starts on Friday, October 17. Top teams can win prizes from our sponsors: OffensiveCon, Zellic, PortSwigger, Binary Ninja, and HackTheBox. All information on https://t.co/7RrfeQKgHV

Hacklu CTF is still running for ~23h! We still have some unsolved challenges, including: - 📱Android Flutter exploitation - 🦊 2 webs with Firefox bots - 🐒 pwning a 17 year old SpiderMonkey - ✍️ LaTeX madness Come play:  https://t.co/7RrfeQJISn

Webs Webs Webs Webs Webs

I found XSS in Roundcube and released a new announcement blog post about it today. Already excited to share the full details in a few weeks after people patched :)

Super excited to present this research at DEF CON! If you think SQL Injections have become a boring and repetitive topic, think again. There's a whole new layer to explore 👀

Can server-side scanning research be legal and ethical? For our upcoming @IEEESSP paper "Where are the red lines?" we talked to experts on law and ethics, and web operators. We discussed challenges, solutions and various fictional research scenarios. https://t.co/cTjFfiVRRl

Hacklu CTF is running at full steam with still ~23h left! 🚩 We got some great challenges waiting for you, including a 28-year-old 0-day in SSH, a Mastodon n-day, a QEMU escape, and many many more. Come try your luck 🎱👉

The game is on! You have 48h to prove your luck 👉 https://t.co/7RrfeQJISn

Super excited to publish this blog post! One of the most fun bugs I exploited so far, had to get creative and lose my mind reading the CSS spec for 2 days 🙃

Our paper "Finding All Cross-Site Needles in the DOM Stack - A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers" got accepted at ACM CCS 2023! @acm_ccs The camera-ready version will be available at https://t.co/E7PcJYlJTi. Tool will be on GitHub.

✨Our paper "Isolated and Exhausted: Attacking Operating Systems via Site Isolation in the Browser" will appear at USENIX Security '23 and is now available as a preprint: https://t.co/rp4DqVmXqV This work is by Matthias Gierlings, me (@lambdafu), and @JoergSchwenk 🧵👇

Just for completeness here is my solve script: https://t.co/XyYCi4Mn8z For anyone that wants another challenge try exploit this, with mysql instead of sqlite. 😈

Helped @justCatTheFish with yet another ctf and solved two highest scored challenges: HTPL from @BitK_ and foodAPI from @kunte_ctf. The former was a JS sandbox escape and the latter was about 0day in #denodb. Some useful tricks 🙃 https://t.co/3IqqiupHAi #hacklu @fluxfingers

The Hacklu 2022 CTF is over! Thank you for playing! Of course special congrats to the top 3 teams! 🥳 🏆 🥇 organizers 🥈 justCatTheFish 🥉 💦 CTF: https://t.co/rbPY4FAEo3 Challenges will still be up for a while. See you next Year! #hacklu #ctf @fluxfingers

Less than 24h until Hacklu CTF 2022 and the registration is now open! Sign up at https://t.co/7RrfeQJISn and prepare yourself for the finest hacking. #Hack_lu #CTF

I just published XSLeaker a tool that helps you to find potential #XSLeak vulnerabilities. https://t.co/uG2t10vKQR

#GoogleCTF is over! This year I prepared a race-condition based challenge which was a combination of #xsleaks #xss and other interesting client-side bugs. The challenge was solved by 10 teams and had unintended solutions, some of which are awesome! 😊 https://t.co/okdH1sHh1c

I would like to thank my co-authors @CheariX, @mniemietz, @DominikNo1, @JoergSchwenk and everyone at the NDS Chair. ♥️