Last weekend, I had the time to play the BalCCon2k20 CTF and since there are no writeups for the last two web challenges yet, I decided to change that. Let
In this blog post I will go over the little research project I did about HTTP authentication credentials hiding in plain sight. Idea A few months ago, I was thinking
This won't be a long blog post, just a little pointer to an A/D CTF challenge that I created last year: A damn vulnerable web framework written in bash.
In part I of the blog series, we will go over some "history" files that are commonly found on web servers. What are history files? Most interactive command-line
Last year I did some research on how an exposed ~/.ssh/ folder on a web server can lead to a complete pwnage. Here's the deal: I've seen it in the