You are here: blog.andlabs.org

blogs.juniper.net
A Control Web Panel vulnerability is being used to compromise SSH servers by injecting code via dynamic library preloading.

spawnzii.github.io
Introduction Every year ESNA organizes a CTF as an advent calendar, so there is a new challenge every day on a different theme, like pwn, forensic, programming, reverse and web. To motivate students to participate, the TOP 8 of the general ranking will be selected to participate in the CTF of EC2. The challenges are proposed by Worty & iHuggsy, but also by other trusted students ;). I was lucky enough to be able to create a challenge for the occasion, so I will start with this one.

www.michalspacek.com
Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). I just now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker.

blog.kylehuey.com
I have been working on a lot of Docker-related stuff lately. I have learned a few tricks that I thought were worth writing down in one place. Use a local user inside a container: For local...