pentestercrab's submissions

1.		Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)
		1 point by pentestercrab 3 months ago \| past
2.		Marshal madness: A brief history of Ruby deserialization exploits (trailofbits.com)
		25 points by pentestercrab 4 months ago \| past \| 4 comments
3.		Breaking the Sorting Barrier for Directed Single-Source Shortest Paths (arxiv.org)
		99 points by pentestercrab 4 months ago \| past \| 3 comments
4.		New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com)
		1 point by pentestercrab 9 months ago \| past
5.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		2 points by pentestercrab 11 months ago \| past \| 1 comment
6.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		3 points by pentestercrab 12 months ago \| past
7.		RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems)
		1 point by pentestercrab on Dec 7, 2024 \| past
8.		CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com)
		1 point by pentestercrab on Dec 3, 2024 \| past
9.		Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com)
		1 point by pentestercrab on Dec 2, 2024 \| past
10.		PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com)
		1 point by pentestercrab on Nov 27, 2024 \| past
11.		Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com)
		2 points by pentestercrab on Nov 27, 2024 \| past
12.		Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog)
		2 points by pentestercrab on Nov 25, 2024 \| past
13.		JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com)
		3 points by pentestercrab on Nov 25, 2024 \| past
14.		Chosen-Prefix Collisions on AES-Like Hashing (iacr.org)
		2 points by pentestercrab on Nov 25, 2024 \| past
15.		Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com)
		2 points by pentestercrab on Nov 25, 2024 \| past \| 1 comment
16.		Ruby's String Slice is Broken (nastystereo.com)
		3 points by pentestercrab on Nov 4, 2024 \| past \| 2 comments
17.		Evaluate Markdown code blocks within Vim (github.com/gpanders)
		68 points by pentestercrab on Oct 26, 2024 \| past \| 18 comments
18.		SQL Injection Polyglot Payloads (nastystereo.com)
		1 point by pentestercrab on Oct 22, 2024 \| past
19.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		2 points by pentestercrab on Oct 1, 2024 \| past \| 1 comment
20.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		4 points by pentestercrab on Sept 27, 2024 \| past
21.		Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io)
		1 point by pentestercrab on June 27, 2024 \| past
22.		nastystereo.com (nastystereo.com)
		1 point by pentestercrab on June 27, 2024 \| past
23.		A Single File Ruby on Rails Application (molnar.io)
		3 points by pentestercrab on May 27, 2024 \| past \| 4 comments
24.		Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io)
		3 points by pentestercrab on May 3, 2024 \| past
25.		Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com)
		3 points by pentestercrab on April 30, 2024 \| past
26.		Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com)
		2 points by pentestercrab on March 14, 2024 \| past
27.		Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net)
		2 points by pentestercrab on Jan 29, 2024 \| past
28.		Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator (elttam.com)
		1 point by pentestercrab on Jan 23, 2024 \| past
29.		Talkback – infosec resource aggregator of news and research (talkback.sh)
		2 points by pentestercrab on March 31, 2023 \| past
30.		PHP filter chains: file read from error-based oracle (synacktiv.com)
		1 point by pentestercrab on March 23, 2023 \| past
		More