Featured posts
XS-Leaking flags with CSS: A CTFd 0day
Due to an XS-Leak vulnerability I found in CTFd versions 3.7.2 and below, it was possible to leak flags from admins. Using a novel technique abusing browser history and CSS, it could be completely automated.
Cracking an online Password Encryption tool
How I recovered a friend's password by reverse engineering an online encryption service, and brute-forcing a PIN locally. Learn about AES and black-box discovery, as well as some attacks.
Intigriti March XSS Challenge (0324)
A Cross-Site Scripting challenge from Intigriti involving prototypes without pollution, lowercase Unicode characters, and a trick to execute arbitrary JavaScript with a tiny payload.
Part 2: The New LiveOverflow Minecraft Hacking Server
Part 2 of the LiveOverflow Minecraft Server series. Search for the new server, crack base coordinates from bedrock formations, and teleport through walls!