pentestercrab's submissions

1.		When Dawkins met Claude – Could this AI be conscious? (unherd.com)
		5 points by pentestercrab 1 day ago \| past \| 1 comment
2.		Ruby Array Pack Bleed (nastystereo.com)
		62 points by pentestercrab 3 months ago \| past \| 1 comment
3.		Ruby Array Pack Bleed – Impacts Ruby 1.6.7 to 4.0.0 (nastystereo.com)
		9 points by pentestercrab 4 months ago \| past
4.		Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net)
		1 point by pentestercrab 8 months ago \| past
5.		Marshal madness: A brief history of Ruby deserialization exploits (trailofbits.com)
		25 points by pentestercrab 8 months ago \| past \| 4 comments
6.		Breaking the Sorting Barrier for Directed Single-Source Shortest Paths (arxiv.org)
		99 points by pentestercrab 8 months ago \| past \| 3 comments
7.		New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails (elttam.com)
		1 point by pentestercrab on March 5, 2025 \| past
8.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		2 points by pentestercrab on Jan 10, 2025 \| past \| 1 comment
9.		Escaping Ruby's Gem:SafeMarshal Sandbox (nastystereo.com)
		3 points by pentestercrab on Dec 26, 2024 \| past
10.		RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte (github.com/rubygems)
		1 point by pentestercrab on Dec 7, 2024 \| past
11.		CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons (pentesterlab.com)
		1 point by pentestercrab on Dec 3, 2024 \| past
12.		Shiny Vulnerabilities in R's Most Popular Web Framework (nastystereo.com)
		1 point by pentestercrab on Dec 2, 2024 \| past
13.		PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos (pentesterlab.com)
		1 point by pentestercrab on Nov 27, 2024 \| past
14.		Cross-Site Post Requests Without a Content-Type Header – CSRF Attack (nastystereo.com)
		2 points by pentestercrab on Nov 27, 2024 \| past
15.		Execute commands by sending JSON? Ruby deserialization vulnerabilities (github.blog)
		2 points by pentestercrab on Nov 25, 2024 \| past
16.		JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review (pentesterlab.com)
		3 points by pentestercrab on Nov 25, 2024 \| past
17.		Chosen-Prefix Collisions on AES-Like Hashing (iacr.org)
		2 points by pentestercrab on Nov 25, 2024 \| past
18.		Ruby 3.4 Universal RCE Deserialization Gadget Chain (nastystereo.com)
		2 points by pentestercrab on Nov 25, 2024 \| past \| 1 comment
19.		Ruby's String Slice is Broken (nastystereo.com)
		3 points by pentestercrab on Nov 4, 2024 \| past \| 2 comments
20.		Evaluate Markdown code blocks within Vim (github.com/gpanders)
		68 points by pentestercrab on Oct 26, 2024 \| past \| 18 comments
21.		SQL Injection Polyglot Payloads (nastystereo.com)
		1 point by pentestercrab on Oct 22, 2024 \| past
22.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		2 points by pentestercrab on Oct 1, 2024 \| past \| 1 comment
23.		Insecurity Through Censorship: Vulnerabilities Caused by the Great Firewall (assetnote.io)
		4 points by pentestercrab on Sept 27, 2024 \| past
24.		Fuzz Map – fuzzer for GUIs that automatically builds a visual map (fuzzmap.io)
		1 point by pentestercrab on June 27, 2024 \| past
25.		nastystereo.com (nastystereo.com)
		1 point by pentestercrab on June 27, 2024 \| past
26.		A Single File Ruby on Rails Application (molnar.io)
		3 points by pentestercrab on May 27, 2024 \| past \| 4 comments
27.		Devfile file write vulnerability in Gitlab – walkthrough finding CVE-2024-0402 (gitlab-com.gitlab.io)
		3 points by pentestercrab on May 3, 2024 \| past
28.		Judge0 Sandbox Escape – allows obtaining root permissions (tantosec.com)
		3 points by pentestercrab on April 30, 2024 \| past
29.		Discovering Deserialization Gadget Chains in Rubyland (includesecurity.com)
		2 points by pentestercrab on March 14, 2024 \| past
30.		Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net)
		2 points by pentestercrab on Jan 29, 2024 \| past
		More