CryptoCat

Famous beef noodle soup (broth simmering continously for over 50 years!) in one of my all time favourite cities - Bangkok! 🇹🇭 Any hackers here wanna hang out, hmu 🤙

Singapore 🇸🇬

I've done a lot of awesome hacker meetups but this one was next level! So nice to meet brutecat, dreyand and IDlSSEVERYTHING🔥 These guys have some crazy skills (and stories), hope to meet again in the future 💜

CryptoCat x Singapore

I'll be in Singapore this weekend! I know there's lots of cool hackers there so hmu if you wanna get some coffee/food/drinks 🥰

Finally back in #KualaLumpur 🙏 Meeting some of my favourite Malaysian hackers for food/drinks tomorrow night. If you wanna join, let me know! 🥰

🍉

YouTube video by CryptoCat Offensive Security Web Expert (OSWE) Review + Tips/Tricks [OffSec]

My OSWE review, tips/tricks.. general ramblings 👀😅

youtu.be/IK4t-i5lDEs

OSWE Exam Complete

Just finished my OSWE exam 👀 Today I write up the report.. while watching #NahamCon 😌

Confetti: Solution to my Intigriti May 2025 XSS Challenge - Johan Carlsson

Here is the official writeup of my XSS challenge on Intigriti. I think it contains some fun browser trivia even for those who did not look at the chall

joaxcar.com/blog/2025/05...

Intigriti May XSS Challenge (0525) | Jorian Woltjer A challenge by @joaxcar with a small but complex XSS chain, hitting DOM Clobbering with a race condition and abusing a cool URL parsing quirk in JavaScript.

The legendary @joaxcar.bsky.social made a really interesting XSS challenge this month for Intigriti. My solution involved winning a race condition with 100 <iframe>s to utilize a DOM Clobbering gadget after bypassing a RegEx.
Check out the writeup below:
jorianwoltjer.com/blog/p/hacki...

CryptoCat x Asia

Heading back to SE-Asia next month.. Any hackers wanna hang out? 👀

Join my discord to keep up with the travel plans / arrange meetups: cryptocat.me/discord 😇

#cybersecurity #ethicalhacking #infosec #bugbounty #ctf #asia

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓

Web | CTF Writeups

Writeups too ✅

book.cryptocat.me/ctf-writeups...

YouTube video by CryptoCat Tsuku CTF Web Challenge Walkthroughs (2025)

Video walkthrough for the web challenges from Tsuku CTF 💜

youtu.be/qGd4d0zmhy8

Trust Me, I’m Local: Chrome Extensions, MCP, and the Sandbox Escape Let’s talk about MCPs. You’ve probably heard of them, and maybe you’ve read the security risks associated with them. Sure, they sound…

We already know that any Web server listening on the loopback interface is a security risk, because it may be accessed by a browser or its extensions.

But the impact may be way bigger if this Web server is a MCP server 😱

blog.extensiontotal.com/trust-me-im-...

CryptoCat's Discord: https://discord.cryptocat.me

Have YOU joined my discord server yet? Click the link below and let's talk about hacking stuff 💜

discord.cryptocat.me

YouTube video by CryptoCat CTF@CIT Web Challenge Walkthroughs

Added a video walkthrough for the web challenges from the recent CTF@CIT 💜

youtu.be/ZBdApaw0r0M

#capturetheflag #ctf #websecurity #bugbounty #cybersecurity #ethicalhacking #infosec

CIT CTF web challenge writeups

Made writeups for the web challs featured in the CTF@CIT competition this weekend 🚩

1) SQL injection
2) Git repo dumping
3) Local file read with basic filter bypass
4) Flask session cookie tampering + SSTI
5) Credential reuse / HTTP method tampering

book.cryptocat.me/ctf-writeups...

YouTube video by Intigriti Next.js Middleware Auth Bypass (CVE-2025-29927) and Local File Read via XXE - HackDonalds Challenge

Video for the HackDonalds Challenge by @intigriti.com 💜

youtu.be/KwD_TKZr0YY

3 million views - https://yt.cryptocat.me

My YouTube channel has reached a new milestone; 3 million views! 🥳🎉

Next up - 50k subscribers! Help me get there 🥺

yt.cryptocat.me

🩸 First blood went to @sebsrt.bsky.social in under 15 mins 👏

HackDonalds Challenge - Bug Bounty Program - Intigriti Intigriti offers bug bounty and agile penetration testing solutions powered by Europe's #1 leading network of ethical hackers.

Once you've found the flag, you can report it (along with short steps-to-solve) here ✅

go.intigriti.com/submit-solut...

HackDonalds 🍟 Welcome to the most exploitable fast food chain on the net.

Who wants a bonus @intigriti.com challenge? Easier than usual 👀

First blood + best writeup win a €50 swag voucher 😎

Find the flag before 15/04/25 👇

hackdonalds.intigriti.io

London 🇬🇧🏙🎨

YouTube video by Intigriti Exploiting NoSQL Operator Injection to Extract Unknown Fields

Check out the walkthrough for the fourth (and currently final) @portswigger.net lab on NoSQL injection by @cryptocat.me 😼

youtu.be/aSXlmJ3lN4o

Almost 600 hackers at ZeroDays CTF in #Dublin this year!! 💜

#ZeroDays #CTF #CaptureTheFlag #CyberSecurity #EthicalHacking #InfoSec #BugBounty #Ireland

YouTube video by CryptoCat 18 - API Security (low/med/high) - Damn Vulnerable Web Application (DVWA)

As promised, I've updated my YouTube playlist with a walkthrough for the new API testing module in @digi.ninja's Damn Vulnerable Web Application (DVWA) 💜

www.youtube.com/watch?v=c_6R...

Met so many cool hackers over the past few days in Kuala Lumpur! 💜

Attending the amazing @1ns0mn1h4ck.bsky.social to represent @intigriti.com today!

Hit me up if you want to chat. I've got stickers and invite codes to hand out 😉.