pentestercrab

Tues Aug 11, 2015 2:29am PST

Karma:

2208

submitted

Wed Aug 20, 2025 11:41am PST

Marshal madness: A brief history of Ruby deserialization exploits

@pentestercrab

2

4

25

Sat Aug 9, 2025 5:34am PST

Breaking the Sorting Barrier for Directed Single-Source Shortest Paths

@pentestercrab

2

3

99

Wed Mar 5, 2025 5:00am PST

New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

@pentestercrab

1

Fri Jan 10, 2025 5:14pm PST

Escaping Ruby's Gem:SafeMarshal Sandbox

@pentestercrab

1

1

2

Thurs Dec 26, 2024 5:30am PST

Escaping Ruby's Gem:SafeMarshal Sandbox

@pentestercrab

3

Sat Dec 7, 2024 6:22am PST

RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte

@pentestercrab

1

Tues Dec 3, 2024 5:38pm PST

CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons

@pentestercrab

1

Mon Dec 2, 2024 3:54pm PST

Shiny Vulnerabilities in R's Most Popular Web Framework

@pentestercrab

1

1

Wed Nov 27, 2024 4:16pm PST

PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos

@pentestercrab

1

Wed Nov 27, 2024 9:28am PST

Cross-Site Post Requests Without a Content-Type Header – CSRF Attack

@pentestercrab

2

Mon Nov 25, 2024 7:44am PST

Execute commands by sending JSON? Ruby deserialization vulnerabilities

@pentestercrab

2

Mon Nov 25, 2024 6:45am PST

JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

@pentestercrab

3

Mon Nov 25, 2024 6:01am PST

Chosen-Prefix Collisions on AES-Like Hashing

@pentestercrab

2

Mon Nov 25, 2024 5:29am PST

Ruby 3.4 Universal RCE Deserialization Gadget Chain

@pentestercrab

1

1

2

Mon Nov 4, 2024 6:28am PST

Ruby's String Slice is Broken

@pentestercrab

1

2

3

Sat Oct 26, 2024 12:08pm PST

Evaluate Markdown code blocks within Vim

@pentestercrab

11

18

68

Tues Oct 22, 2024 3:08pm PST

SQL Injection Polyglot Payloads

@pentestercrab

1

Tues Oct 1, 2024 1:57am PST

Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall

@pentestercrab

1

1

2

Fri Sep 27, 2024 7:21am PST

Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall

@pentestercrab

4

Thurs Jun 27, 2024 7:21pm PST

Fuzz Map – fuzzer for GUIs that automatically builds a visual map

@pentestercrab

1

Thurs Jun 27, 2024 7:06pm PST

nastystereo.com

@pentestercrab

1

Mon May 27, 2024 4:22pm PST

A Single File Ruby on Rails Application

@pentestercrab

1

4

3

Fri May 3, 2024 4:23pm PST

Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402

@pentestercrab

1

3

Tues Apr 30, 2024 2:37am PST

Judge0 Sandbox Escape – allows obtaining root permissions

@pentestercrab

3

Thurs Mar 14, 2024 12:41am PST

Discovering Deserialization Gadget Chains in Rubyland

@pentestercrab

2

Mon Jan 29, 2024 9:33am PST

Blind CSS Exfiltration: exfiltrate unknown web pages

@pentestercrab

2

Tues Jan 23, 2024 5:45am PST

Talkback: Keeping up with the pwnses, a next gen infosec resource aggregator

@pentestercrab

1

Fri Mar 31, 2023 5:13am PST

Talkback – infosec resource aggregator of news and research

@pentestercrab

2

Thurs Mar 23, 2023 4:15am PST

PHP filter chains: file read from error-based oracle

@pentestercrab

1

Sun Jan 29, 2023 12:57pm PST

PHP Development Server <= 7.4.21 – Remote Source Disclosure

@pentestercrab

1

Sun Jan 22, 2023 3:24am PST

Viewing Secrecy Through “Blank Spots on the Map” (2009)

@pentestercrab

4

Thurs Dec 8, 2022 3:35am PST

The search for the “perfect” Advent Calendar (2018)

@pentestercrab

1

Wed Dec 7, 2022 2:32am PST

RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass

@pentestercrab

1

Fri Nov 4, 2022 7:44am PST

Reverse Branch Target Buffer Poisoning – New ASLR Bypass via CPU Vulns [pdf]

@pentestercrab

3

Wed Nov 2, 2022 3:13pm PST

The latest OpenSSL vulns were added fairly recently

@pentestercrab

16

73

179

Wed Oct 12, 2022 3:44am PST

Ask HN: How are you, a dev/programmer, preparing for climate change?

@pentestercrab

2

2

3

Thurs Sep 15, 2022 4:02am PST

It Pays to Be Circomspect

@pentestercrab

1

1

3

Thurs Sep 8, 2022 4:20pm PST

Attacking Firecracker: AWS' MicroVM Monitor Written in Rust

@pentestercrab

8

29

212

Mon Jul 25, 2022 11:58am PST

Multiple vulnerabilities in Nuki smart locks

@pentestercrab

3

Thurs Jun 30, 2022 6:38am PST

Golang Code Review Notes by Elttam

@pentestercrab

2

Mon Jun 27, 2022 6:03am PST

Notes on OpenSSL remote memory corruption by Guido Vranken

@pentestercrab

4

13

85

Mon Jun 6, 2022 6:28am PST

ESP-IDF Setup Guide – Setting up an environment for ESP32 vulnerability research

@pentestercrab

2

Wed Apr 13, 2022 3:22am PST

Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x

@pentestercrab

1

Wed Apr 13, 2022 3:13am PST

Git honours embedded bare repos and exploitation via core.fsmonitor

@pentestercrab

1

Tues Mar 29, 2022 12:57am PST

Ruby Deserialization Exploitation – New Gadget Chain for Ruby on Rails

@pentestercrab

8

Wed Mar 23, 2022 6:32am PST

Ask HN: Best Okta Alternative?

@pentestercrab

2

2

1

Fri Mar 18, 2022 7:58am PST

Exploitation via Git embedded bare repos and core.fsmonitor, affects IDEs

@pentestercrab

1

Wed Jan 12, 2022 2:29am PST

Impossible color – Claimed evidence of ability to see colors not in color space

@pentestercrab

2

Fri Dec 17, 2021 7:16am PST

Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)

@pentestercrab

1

1

3

Sat Dec 4, 2021 1:33pm PST

The search for the “perfect” Advent Calendar (involves Python and Processing)

@pentestercrab

1

1

1

Mon Nov 29, 2021 1:09am PST

Data Exfiltration via CSS and SVG Font

@pentestercrab

2

10

57

Fri Nov 19, 2021 3:11am PST

The status of Ruby memory trimming and how you can help with testing (2019)

@pentestercrab

4

Sun Oct 31, 2021 10:44am PST

FormatFuzzer: A framework for efficient and quality generation of binary inputs

@pentestercrab

3

Tues Sep 28, 2021 7:27am PST

Ruby Universal RCE Deserialization Gadget Chain (2018)

@pentestercrab

1

Tues Sep 28, 2021 5:58am PST

Fail2ban – Remote Code Execution

@pentestercrab

15

63

170

Mon Sep 27, 2021 12:30am PST

Petrov Day 2021: Mutually Assured Destruction?

@pentestercrab

4

Thurs Sep 16, 2021 3:54am PST

Home Assistant Amber

@pentestercrab

6

Thurs Sep 9, 2021 7:34am PST

GitHub Actions checkspelling community workflow GitHub_TOKEN leakage via symlink

@pentestercrab

11

35

129

Fri Aug 13, 2021 4:55am PST

Domino's iOS App Settings

@pentestercrab

14

Wed Jul 21, 2021 2:19pm PST

A hackers perspective on bug bounty triage

@pentestercrab

3

Wed Jul 7, 2021 12:37am PST

DOM Invader: DOM XSS just got a whole lot easier to find

@pentestercrab

3

Tues Jul 6, 2021 4:29am PST

ZeroTier – Global Area Networking

@pentestercrab

3

Tues Jul 6, 2021 4:14am PST

Piecing Together the Dark Legacy of East Germany's Police (2008)

@pentestercrab

3

Wed Jun 30, 2021 5:38am PST

PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service

@pentestercrab

10

Wed May 19, 2021 3:24am PST

BlockFi issued BTC instead of USD, a 45,000x mistake

@pentestercrab

1

Wed May 5, 2021 3:32pm PST

I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit

@pentestercrab

2

Thurs Apr 29, 2021 2:28am PST

The ‘artisanal genius’ of creating iPhone-breaking hacks

@pentestercrab

1

Wed Mar 31, 2021 2:12pm PST

Fuzzing Sockets: Apache HTTP, Part 2: Custom Interceptors

@pentestercrab

1

Mon Mar 15, 2021 12:13pm PST

Sd: My Script Directory

@pentestercrab

3

Wed Mar 10, 2021 4:31pm PST

You might want to update your F5 Big IP appliances

@pentestercrab

6

Tues Mar 9, 2021 3:42am PST

Ask HN: Do you create digital art? let's see it

@pentestercrab

31

51

41

Wed Feb 24, 2021 8:36am PST

A Journey Combining Web Hacking and Binary Exploitation in Real World

@pentestercrab

1

Fri Feb 12, 2021 1:39am PST

Sudoedit Heap Overflow

@pentestercrab

2

Fri Jan 29, 2021 8:38am PST

Stop Using Libgcrypt 1.9.0

@pentestercrab

2

1

5

Wed Jan 27, 2021 5:00pm PST

Rysolv – Fix open source issues, get paid

@pentestercrab

2

Mon Dec 14, 2020 12:35pm PST

The search for the “perfect” Advent Calendar (2018)

@pentestercrab

1

Wed Dec 9, 2020 9:23am PST

Tuya IoT and EZ Mode Pairing

@pentestercrab

1

Mon Dec 7, 2020 11:43am PST

Cross-site leaks (XS-Leaks) Wiki

@pentestercrab

4

Tues Dec 1, 2020 7:16pm PST

iOS 1-day hunting: uncovering and exploiting CVE-2020-27950 kernel memory leak

@pentestercrab

1

Fri Sep 4, 2020 2:45am PST

Simple bugs with complex exploits – an analysis of a V8 vulnerability from P0

@pentestercrab

3

Mon Aug 10, 2020 8:12am PST

Ghostscript Safer Sandbox Breakout (CVE-2020-15900)

@pentestercrab

1

Fri Jul 17, 2020 12:23pm PST

Lua SUID Shells – How to make SUID Lua scripts not drop privileges

@pentestercrab

2