Hacker News new | past | comments | ask | show | jobs | submit | pentestercrab's submissions login

1. New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com) 1 point by pentestercrab 28 days ago | past 2. Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com) 2 points by pentestercrab 82 days ago | past | 1 comment 3. Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com) 3 points by pentestercrab 3 months ago | past 4. RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems) 1 point by pentestercrab 3 months ago | past 5. CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com) 1 point by pentestercrab 3 months ago | past 6. Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com) 1 point by pentestercrab 4 months ago | past 7. PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com) 1 point by pentestercrab 4 months ago | past 8. Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com) 2 points by pentestercrab 4 months ago | past 9. Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog) 2 points by pentestercrab 4 months ago | past 10. JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com) 3 points by pentestercrab 4 months ago | past 11. Chosen-Prefix Collisions on AES-Like Hashing (iacr.org) 2 points by pentestercrab 4 months ago | past 12. Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com) 2 points by pentestercrab 4 months ago | past | 1 comment 13. Ruby's String Slice is Broken (nastystereo.com) 3 points by pentestercrab 4 months ago | past | 2 comments 14. Evaluate Markdown code blocks within Vim (github.com/gpanders) 68 points by pentestercrab 5 months ago | past | 18 comments 15. SQL Injection Polyglot Payloads (nastystereo.com) 1 point by pentestercrab 5 months ago | past 16. Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io) 2 points by pentestercrab 6 months ago | past | 1 comment 17. Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io) 4 points by pentestercrab 6 months ago | past 18. Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io) 1 point by pentestercrab 9 months ago | past 19. nastystereo.com (nastystereo.com) 1 point by pentestercrab 9 months ago | past 20. A Single File Ruby on Rails Application (molnar.io) 3 points by pentestercrab 10 months ago | past | 4 comments 21. Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io) 3 points by pentestercrab 11 months ago | past 22. Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com) 3 points by pentestercrab 11 months ago | past 23. Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com) 2 points by pentestercrab on March 14, 2024 | past 24. Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net) 2 points by pentestercrab on Jan 29, 2024 | past 25. Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator (elttam.com) 1 point by pentestercrab on Jan 23, 2024 | past 26. Talkback – infosec resource aggregator of news and research (talkback.sh) 2 points by pentestercrab on March 31, 2023 | past 27. PHP filter chains: file read from error-based oracle (synacktiv.com) 1 point by pentestercrab on March 23, 2023 | past 28. PHP Development Server <= 7.4.21 – Remote Source Disclosure (projectdiscovery.io) 1 point by pentestercrab on Jan 29, 2023 | past 29. Viewing Secrecy Through “Blank Spots on the Map” (2009) (fas.org) 4 points by pentestercrab on Jan 22, 2023 | past 30. The search for the “perfect” Advent Calendar (2018) (jgc.org) 1 point by pentestercrab on Dec 8, 2022 | past More

Join us for AI Startup School this June 16-17 in San Francisco! Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: