Hello World under the microscope (This article, written by Adam Sawicki, Mateusz Jurczyk and Gynvael Coldwind, was originally publish... 2022-10-11 08:12:34 | 阅读: 33 | 收藏 | gynvael.coldwind.pl windows graphics python microsoft python39

Crow HTTP framework use-after-free (Collaborative post by hebi and Gynvael Coldwind)Crow is an asynchronous C++ HTTP/WebSocket framew... 2022-9-23 08:12:33 | 阅读: 17 | 收藏 | gynvael.coldwind.pl crow pipelining cleared client buffers

Crowbleed (Crow HTTP framework vulnerability) (Collaborative post by Gynvael Coldwind and hebi)Crow is an asynchronous C++ HTTP/WebSocket framew... 2022-9-23 08:12:32 | 阅读: 18 | 收藏 | gynvael.coldwind.pl 7f d8 b4 8c crow

Treebox - Python AST sandbox challenge from Google CTF 2022 While writing an article on how "Hello World" actually works in Python (written with j00ru and Adam... 2022-7-30 08:12:31 | 阅读: 104 | 收藏 | gynvael.coldwind.pl treebox python solved enjoy spoilers

An informal review of CTF abuse Recently chatting with a friend I realized I can recall a lot of interesting stories of how players... 2022-7-23 08:12:30 | 阅读: 28 | 收藏 | gynvael.coldwind.pl organizers lesson players ctfs stories

Debug Log: Why is my M.2 SSD so slow? The back story of this debugging session is that I'm reworking a bit my home server. One of the thin... 2022-7-10 08:12:29 | 阅读: 22 | 收藏 | gynvael.coldwind.pl pcie x4 x16 designation adapter

Screams of Power vulnerabilities (Powertek-based PDUs) Even if the PDUs you use in your data center aren't branded "Powertek", please keep reading.Powert... 2022-6-13 08:12:28 | 阅读: 20 | 收藏 | gynvael.coldwind.pl powertek tmptoken pdu firmware

Mega Sekurak Hacking Party - Czerwiec 2022 Coś mi mówi, że muszę trochę częściej coś wrzucać na bloga. Poprzedni post był o grudniowym Mega Sek... 2022-5-28 08:12:27 | 阅读: 16 | 收藏 | gynvael.coldwind.pl jest sekurak mega biletu sklep

Mega Sekurak Hacking Party 2021 i 6 grudnia odbędzie się Mega Sekurak Hacking Party, czyli jednodniowe wydarzenie organizowane przez e... 2021-11-19 09:12:25 | 阅读: 30 | 收藏 | gynvael.coldwind.pl jak się od jest nie

Oh My H@ck za miesiąc i jeden dzień Powoli zbliża się kolejna edycja bardzo fajnej konferencji security Oh My [email protected] (znanej... 2021-10-25 00:12:24 | 阅读: 8 | 收藏 | gynvael.coldwind.pl bardzo się dla pln jak

Google's Beginner Quest 2021 - all tasks solved recording Google CTF nowadays is a pretty large event - or should I say 3 connected events, with the pretty ha... 2021-10-2 00:12:23 | 阅读: 35 | 收藏 | gynvael.coldwind.pl hw notebook hardcore livestream

Seventh Inferno vulnerability (some NETGEAR smart switches) TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh In... 2021-9-13 00:12:22 | 阅读: 16 | 收藏 | gynvael.coldwind.pl pwd injection payload sess attacker

Draconian Fear vulnerability (some NETGEAR smart switches) TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh In... 2021-9-6 00:12:21 | 阅读: 13 | 收藏 | gynvael.coldwind.pl netgear attacker guiauth sess polld

Demon's Cries vulnerability (some NETGEAR smart switches) TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh In... 2021-9-6 00:12:20 | 阅读: 10 | 收藏 | gynvael.coldwind.pl tlv sccd netgear pwd

Making numbers out of thin air, Python bytecode edition Two weeks ago I played 0CTF/TCTF 2021 Quals CTF with my team. As every year, it was a pretty fun C... 2021-7-18 00:12:19 | 阅读: 25 | 收藏 | gynvael.coldwind.pl python bytecode genetic pypypypy sequences

ClickMeeting minor privacy weakness (fixed) Just a short reminder to anonymize data on the server-side and not in the browser, illustrated by... 2021-7-7 00:12:18 | 阅读: 14 | 收藏 | gynvael.coldwind.pl security attendees webinar

popen+cat explained A few days ago I tweeted about this "open and read a file with popen+cat" gem I found in the firmwar... 2021-7-3 00:12:17 | 阅读: 17 | 收藏 | gynvael.coldwind.pl popen memory busybox uclibc library

Gears of Chaos vulnerability chain (NETGEAR WAC104 access point) As mentioned in previous post, NETGEAR WAC104 access point just had a couple of vulnerabilities patc... 2021-6-29 00:12:16 | 阅读: 16 | 收藏 | gynvael.coldwind.pl netgear passwd bypass wac104

WAC104 vulnerabilities - please go patch (details on Monday) Just a short post (I will publish a longer one with details on Monday) – if you have the following N... 2021-6-23 00:12:15 | 阅读: 8 | 收藏 | gynvael.coldwind.pl firmware netgear wac104 monday software

FAQ: Difference between vulnerability, exploit and CVE Obligatory FAQ note: Sometimes I get asked questions, e.g. on IRC, via e-mail or during my livestrea... 2021-5-22 00:12:14 | 阅读: 15 | 收藏 | gynvael.coldwind.pl cves security database software