I can only vouch

舞台裏はシンプルだった。日本語環境と英語環境。 「添付"致"します」だと救われなかった模様

For this year Google CTF I created yet another Postviewer challenge called Postviewer v5². The challenge featured a seemingly impossible race-condition. Client-side race-conditions are an under-researched problem and could yield amazing real world bugs! gist.github.com/terjanq/e66c28…

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4

It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). dirkjanm.io/extending-ad-c… Oh, and a new tool for SCEP: github.com/dirkjanm/scepr…

New Blog Post: Disclosing "PermissionJacking," a Safari bug that lets websites trick you into giving camera, mic, gps... access. After a lengthy back-and-forth, Apple's decision is that this is not a security issue, I disagree. Includes new attack vector github.com/RenwaX23/X/blo…

My article "High-Performance Network Scanning with AF_XDP" has been released on the 72th issue of Phrack. phrack.org/issues/72/3_md…

We just won HITCON CTF with [:] (SLICES) GGs everyone else ! 🎉 SLICES teams: Squid Proxy Lovers Infobahn L3ak CubeMastery Equivalent XCHG .;,;.

We published a blogpost about SafeContentFrame - a library for rendering untrusted content inside an iframe. The library is a big party of what I've been up to in the few last years! Check out the blog and take a slice of my birthday cake 🎂! bughunters.google.com/blog/671552987…

Ok managed to get a wild memory access now (it's accessing `addr + offset` where `offset` is a really large but controllable value. With the correct heap spray, this is basically an arbitrary write primitive. Will do a quick writeup on the vulnerability now before I continue!

[420885124] Intercepting console errors might lead to XSSI crbug.com/420885124

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. osec.io/blog/2025-10-1…

HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:

i am calling it, the WhatsApp pwn2own entry is fake.

I have made a thorough analysis of the Balancer attack: blog.weilinli.io/posts/balancer… --- Yesterday, on July 3, 2025, Balancer was hacked for over $100 million due to a precision-loss bug. While the official post-mortem hasn’t been released yet, most pools are already paused or

Infobahn CTF starts in 24 hours! Prizes worth over $3000! Challenges across Web, Reverse Engineering, Cryptography, Binary Exploitation, Jail, and more. Sponsored by Google Cloud, OffSec, OtterSec, RET2 Systems, Cybersharing, and Rapid Risk Radar. 2025.infobahnc.tf

Final 24 Hours! Wave 3 is live! We've added 2 brand-new web challenges. 8 challenges are still unsolved (5 web, 1 pwn, 1 rev, 1 jail). 10 flags are waiting. Go get them! 2025.infobahnc.tf

Infobahn CTF 2025 is officially over! Congratulations to all the players and a special shout-out to our winning teams! 1. MNGA (Nu1L) 2. no rev/pwn no life (r3kapig) 3. KCSC We hope you all enjoyed the challenges!

woah... [446113731, 446113732, 446122633, 446124892, 446124893][wasm-custom-desc] Fix subtyping chromium-review.googlesource.com/c/v8/v8/+/6973… Exploited in v8ctf as 0-days & chained with issue 446113730(v8sbx bypass)

react2shell:11/29/25:lachlan2k:sy1vi3 sha256:18571097aedaec16f729c4227e1e508fe161d5d6b4256eec7d0525535ebb3fa0 cve.org/CVERecord?id=C…