Tags

• aws 3
• azure 2
• bof 1
• bug-bounty 2
• cloud 3
• code-injection 4
• command-injection 1
• compression 1
• crypto 1
• csp-bypass 1
• ctf 12
• deserialisation 1
• docker 2
• dom-clobbering 1
• encoding 1
• express.js 4
• file-descriptor 1
• flask 2
• gcp 1
• git 1
• github-actions 1
• html-injection 1
• js 2
• js-quirks 3
• json-quirks 1
• jwt 1
• language-quirks 3
• logic-flaw 1
• node.js 5
• nosql 1
• off-by-one 1
• path-traversal 2
• php 2
• privilege-escalation 1
• prototype-pollution 3
• pwn 2
• race-condition 1
• redis 2
• rop 1
• security-advisory 1
• shellcoding 1
• sqli 2
• ssrf 5
• ssti 1
• toctou 1
• type-juggling 1
• web 12
• xss 2
• xxe 1

#aws

• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#azure

• 24 February 2023 Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#bof

• 11 October 2017 GryphonCTF 2017

#bug-bounty

• 24 February 2023 Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion

#cloud

• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#code-injection

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge

#command-injection

• 3 March 2023 CS-Cart PDF Plugin Unauthenticated Command Injection

#compression

• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges

#crypto

• 5 May 2021 BugPoC April 2021 Memory Leak Challenge

#csp-bypass

• 10 November 2020 BugPoC November 2020 XSS Challenge

#ctf

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion
• 5 May 2021 BugPoC April 2021 Memory Leak Challenge
• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge
• 10 November 2020 BugPoC November 2020 XSS Challenge
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers
• 11 October 2017 GryphonCTF 2017

#deserialisation

• 2 November 2021 Hack.lu CTF 2021 Web Challenges

#docker

• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#dom-clobbering

• 10 November 2020 BugPoC November 2020 XSS Challenge

#encoding

• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges

#express.js

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers

#file-descriptor

• 11 October 2017 GryphonCTF 2017

#flask

• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges

#gcp

• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge

#git

• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge

#github-actions

• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion

#html-injection

• 10 November 2020 BugPoC November 2020 XSS Challenge

#js

• 24 February 2023 Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
• 22 May 2018 CrossCTF 2018 Qualifiers

#js-quirks

• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers

#json-quirks

• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge

#jwt

• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#language-quirks

• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers

#logic-flaw

• 2 November 2021 Hack.lu CTF 2021 Web Challenges

#node.js

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers

#nosql

• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge

#off-by-one

• 11 October 2017 GryphonCTF 2017

#path-traversal

• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 5 May 2021 BugPoC April 2021 Memory Leak Challenge

#php

• 3 March 2023 CS-Cart PDF Plugin Unauthenticated Command Injection
• 2 November 2021 Hack.lu CTF 2021 Web Challenges

#privilege-escalation

• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion

#prototype-pollution

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges

#pwn

• 19 June 2021 GitHub Security Lab CTF - Call to Hacktion
• 11 October 2017 GryphonCTF 2017

#race-condition

• 2 November 2021 Hack.lu CTF 2021 Web Challenges

#redis

• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge

#rop

• 11 October 2017 GryphonCTF 2017

#security-advisory

• 3 March 2023 CS-Cart PDF Plugin Unauthenticated Command Injection

#shellcoding

• 11 October 2017 GryphonCTF 2017

#sqli

• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge

#ssrf

• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 5 May 2021 BugPoC April 2021 Memory Leak Challenge
• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges

#ssti

• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge

#toctou

• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge

#type-juggling

• 22 May 2018 CrossCTF 2018 Qualifiers

#web

• 3 March 2023 CS-Cart PDF Plugin Unauthenticated Command Injection
• 24 February 2023 Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
• 15 November 2021 SecurityMB's October 2021 Prototype Pollution Challenge
• 2 November 2021 Hack.lu CTF 2021 Web Challenges
• 9 August 2021 RaRCTF 2021 - Microservices As A Service Challenge
• 5 May 2021 BugPoC April 2021 Memory Leak Challenge
• 11 December 2020 STACK the Flags 2020 - Keep the Clouds Together... Cloud Challenge
• 10 December 2020 STACK the Flags 2020 - Hold the Line! Perimeter Defences Doing It's Work! Cloud Challenge
• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge
• 10 November 2020 BugPoC November 2020 XSS Challenge
• 7 July 2020 Gynvael Coldwind's May 2020 Web Security Challenges
• 22 May 2018 CrossCTF 2018 Qualifiers

#xss

• 24 February 2023 Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
• 10 November 2020 BugPoC November 2020 XSS Challenge

#xxe

• 9 December 2020 STACK the Flags 2020 - Share and Deploy the Containers Cloud Challenge