pentestercrab's submissions

1.		Ruby Array Pack Bleed (nastystereo.com)
		62 points by pentestercrab 3 months ago \| past \| 1 comment
2.		Ruby Array Pack Bleed – Impacts Ruby 1.6.7 to 4.0.0 (nastystereo.com)
		9 points by pentestercrab 3 months ago \| past
3.		Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)
		1 point by pentestercrab 7 months ago \| past
4.		Marshal madness: A brief history of Ruby deserialization exploits (trailofbits.com)
		25 points by pentestercrab 7 months ago \| past \| 4 comments
5.		Breaking the Sorting Barrier for Directed Single-Source Shortest Paths (arxiv.org)
		99 points by pentestercrab 8 months ago \| past \| 3 comments
6.		New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com)
		1 point by pentestercrab on March 5, 2025 \| past
7.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		2 points by pentestercrab on Jan 10, 2025 \| past \| 1 comment
8.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		3 points by pentestercrab on Dec 26, 2024 \| past
9.		RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems)
		1 point by pentestercrab on Dec 7, 2024 \| past
10.		CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com)
		1 point by pentestercrab on Dec 3, 2024 \| past
11.		Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com)
		1 point by pentestercrab on Dec 2, 2024 \| past
12.		PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com)
		1 point by pentestercrab on Nov 27, 2024 \| past
13.		Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com)
		2 points by pentestercrab on Nov 27, 2024 \| past
14.		Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog)
		2 points by pentestercrab on Nov 25, 2024 \| past
15.		JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com)
		3 points by pentestercrab on Nov 25, 2024 \| past
16.		Chosen-Prefix Collisions on AES-Like Hashing (iacr.org)
		2 points by pentestercrab on Nov 25, 2024 \| past
17.		Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com)
		2 points by pentestercrab on Nov 25, 2024 \| past \| 1 comment
18.		Ruby's String Slice is Broken (nastystereo.com)
		3 points by pentestercrab on Nov 4, 2024 \| past \| 2 comments
19.		Evaluate Markdown code blocks within Vim (github.com/gpanders)
		68 points by pentestercrab on Oct 26, 2024 \| past \| 18 comments
20.		SQL Injection Polyglot Payloads (nastystereo.com)
		1 point by pentestercrab on Oct 22, 2024 \| past
21.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		2 points by pentestercrab on Oct 1, 2024 \| past \| 1 comment
22.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		4 points by pentestercrab on Sept 27, 2024 \| past
23.		Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io)
		1 point by pentestercrab on June 27, 2024 \| past
24.		nastystereo.com (nastystereo.com)
		1 point by pentestercrab on June 27, 2024 \| past
25.		A Single File Ruby on Rails Application (molnar.io)
		3 points by pentestercrab on May 27, 2024 \| past \| 4 comments
26.		Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io)
		3 points by pentestercrab on May 3, 2024 \| past
27.		Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com)
		3 points by pentestercrab on April 30, 2024 \| past
28.		Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com)
		2 points by pentestercrab on March 14, 2024 \| past
29.		Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net)
		2 points by pentestercrab on Jan 29, 2024 \| past
30.		Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator (elttam.com)
		1 point by pentestercrab on Jan 23, 2024 \| past
		More

HN For You