Google CTF 2025
Players were given a simple puppeteer bot that visits any URL provided by the players.
The flag was stored as file:///flag.txt so the goal was to leak this file somehow
The intended solution was to leak the flag file through an XSSI with help of
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
| Allow: CONNECT | |
| Allow: GET | |
| Allow: HEAD | |
| Allow: POST | |
| Allow: TRACE | |
| Client-IP: 0 | |
| Client-IP: 0177.0000.0000.0001 | |
| Client-IP: 0x7F000001 | |
| Client-IP: 10.0.0.0 | |
| Client-IP: 10.0.0.1 |
I recently stumbled upon an application developed with Flutter, and since it was my first time seeing it, I surprisingly couldn't intercept its requests. After some digging on google, I created this tutorial with the steps that personally worked for me and I wanted to share them in hope to help someone else.
Note that the applications that I tested didn't have certificate pinning implemented. I'll update this file once I get to test an application that has it (if I'll be able to bypass it 😃 ).
To simplify the explanation I refer to the machine that hosts Burp as Kali, but you can use whatever linux machine you want.
There are 2 ways to intercept HTTP connections from a Flutter application installed on an Android device (I'm sure there are more but these are the ones I know). Intercepting requests by changing the proxy settings of the device, through the classic settings of Android, doesn't work in this case, since Flutter applic
Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Threading; | |
| public class Program | |
| { | |
| private void Main() |
As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.
(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))
**1.
| import os | |
| def find_best_wordlists(user_word, max_wordlists): | |
| wordlists_dir = '/opt/OneListForAll/dict' | |
| wordlists = os.listdir(wordlists_dir) | |
| matched_wordlists = [] | |
| for wordlist in wordlists: | |
| if user_word.lower() in wordlist.lower(): |
| using NtApiDotNet; | |
| using NtApiDotNet.Ndr.Marshal; | |
| using NtApiDotNet.Win32; | |
| using NtApiDotNet.Win32.Rpc.Transport; | |
| using NtApiDotNet.Win32.Security.Authentication; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server; | |
| using NtApiDotNet.Win32.Security.Authentication.Logon; | |
| using System; |
| Loki | |
| https://www.shodan.io/search?query=%22Loki+Locker%22 | |
| BlackBit | |
| https://www.shodan.io/search?query=%22Encrypted+by+BlackBit%22 | |
| BlackHunt | |
| https://www.shodan.io/search?query=%22Your+Network+Infected+with+BlackHunt+Ransomware+Team%22 | |
| Amelia, Proxima |
