19cyberoc (whitehat contest) secret service (hidden service) write up blog.munsiwoo.kr/2019/09/2019-w…

Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community bit.ly/ctf-design

Top 10 new web hacking techniques of 2019 portswigger.net/research/top-1…

Incredible research: $75,000 bounty🤯 "My research uncovered 7 0day vulnerabilities in Safari (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), 3 were used in kill chain to access the camera." ryanpickren.com/webcam-hacking…

From now until Christmas, I will try to share something from my notes / research every day - most of them are old but might still be useful to remember #XMas2020 #AppSec #Web #HTTP

The end of PHP LFI challenges (?) - hxp.io/blog/88/The-en…

Blind PostgreSQL Injection in DApp Interface (USD $20,000 Bounty) I'll be back soon with an English version post. Hang in there 😎 blog.munsiwoo.kr/2023/03/blind-…

all team member: Reinose Kim Dong-uk munsiwoo as3617 mhibio Jinheon Lee ρ4β stan Hyunsoo Cha n1net4il 1nteger_c c2w2m2 ironore15 G0RiYa only 14 korean teammates XD

Web Security vs. Binary Exploitation

A few deprecations shipped in Chrome 120. Data URLs in SVG <use> is now blocked. chromestatus.com/feature/512882… CSP Embedded Enforcement's implicit opt-in for same-origin iframes is gone. chromestatus.com/feature/509815…

We HypeBoy topped Plaid CTF 2024! 👑 Reinose Kim Dong-uk munsiwoo as3617 mhibio Jinheon Lee stan Hyunsoo Cha n1net4il 1nteger_c c2w2m2 pr0cf5 Minyeop Choi 대나무젓가락 ironore15 G0RiYa Thanks to the great support from dakuo & hellsonic

PlaidCTF is officially over!! Congratulations to our top-performing investigation teams! 1. "What's your ETA" (HypeBoy) 2. "Kalmar: Guardians of the Elven Veil - Paranormal Psyduck's Payback" (Kalmarunionen) 3. "Spooky Maltese Ghosts" (Friendly Maltese Citizens)

Statement on glibc/iconv Vulnerability Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set affects PHP. Read our full statement at php.net/archive/2024.p…

0-click RCE Exploit for CVE-2024-10924 that affects 4 million WP sites 🤪 Secure your site ASAP! #WordPress #BugBounty #BugBountyTips

🔥 The "impossible" XXE in PHP? Not so impossible anymore. Our researcher Aleksandr Zhurnakov discovered an interesting combination of PHP wrappers and a feature of XML parsing in libxml2 to exploit it. Read: swarm.ptsecurity.com/impossible-xxe…