Jinja2 template injection filter bypasses
The blogpost is a follow-up to my last post about the "Jins2 Template Injection RCE" in the iCTF 2017 "flasking unicorns" service. This time it is
Just another security blog
Finding an arbitrary file upload vulnerability in a filesharing script
This blogpost is about a simple arbitrary file upload vulnerability that I discovered by accident in a file sharing python script. Finding a script After an awesome conference and RuCTF
iCTF 2017 flasking unicorns writeup - Or how we might have rooted your iCTF VM
Okay, I admit that the headline is a bit click-baity, but flasking unicorns had a fancy RCE and there might have been a way to become root on your opponent&
BsidesSF CTF 2017 web writeups
I joined the infamous ENOFLAG team to play the BsidesSF CTF 2017 last weekend. I managed to solve the majority of web challenges and I'd like to share
nullcon HackIM Crypto 1 writeup
This weekend was nullcon HackIM CTF and I wanted to post my writeup for the Crypto 1 challenge, because I found it particularly interesting. Although crypto challenges aren't