realansgar
@realansgar.dev
Reposted by realansgar
Hack.lu CTF registration is open! Win great prizes from our sponsors:
🎯 3x @offensivecon.bsky.social tickets by Binary Gecko
🕵️ 6x @burpsuite.bsky.social
🥷 6x @binary.ninja
📦 80 months HackTheBox VIP+
💸 $1000 by Zellic
🇩🇪 DHM quals
flu.xxx
🎯 3x @offensivecon.bsky.social tickets by Binary Gecko
🕵️ 6x @burpsuite.bsky.social
🥷 6x @binary.ninja
📦 80 months HackTheBox VIP+
💸 $1000 by Zellic
🇩🇪 DHM quals
flu.xxx
Info - Hack.lu CTF 2025
Hack.lu CTF 2025 - Organized by FluxFingers, the CTF team of Ruhr University Bochum
flu.xxx
October 16, 2025 at 10:44 AM
Hack.lu CTF registration is open! Win great prizes from our sponsors:
🎯 3x @offensivecon.bsky.social tickets by Binary Gecko
🕵️ 6x @burpsuite.bsky.social
🥷 6x @binary.ninja
📦 80 months HackTheBox VIP+
💸 $1000 by Zellic
🇩🇪 DHM quals
flu.xxx
🎯 3x @offensivecon.bsky.social tickets by Binary Gecko
🕵️ 6x @burpsuite.bsky.social
🥷 6x @binary.ninja
📦 80 months HackTheBox VIP+
💸 $1000 by Zellic
🇩🇪 DHM quals
flu.xxx
Reposted by realansgar
Looks like some Linux eBPF vulnerabilities presented at this year's Black Hat are made-up AI slop
www.openwall.com/lists/oss-se...
www.openwall.com/lists/oss-se...
September 30, 2025 at 3:16 PM
Looks like some Linux eBPF vulnerabilities presented at this year's Black Hat are made-up AI slop
www.openwall.com/lists/oss-se...
www.openwall.com/lists/oss-se...
Reposted by realansgar
We secured 3rd place at ENOWARS CTF - top team in the DACH region and now qualified for DHM (German Hacking Championship)!
Huge congrats to all participants and thanks to the organizers for an awesome CTF! 🎉
Huge congrats to all participants and thanks to the organizers for an awesome CTF! 🎉
July 19, 2025 at 9:46 PM
We secured 3rd place at ENOWARS CTF - top team in the DACH region and now qualified for DHM (German Hacking Championship)!
Huge congrats to all participants and thanks to the organizers for an awesome CTF! 🎉
Huge congrats to all participants and thanks to the organizers for an awesome CTF! 🎉
Reposted by realansgar
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec #security
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec #security
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privil...
www.sonarsource.com
July 8, 2025 at 3:32 PM
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec #security
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
www.sonarsource.com/blog/caught-...
#appsec #security
"this case has been assessed as low severity and does not meet MSRC’s bar for immediate servicing due to RCE is no longer possible without extensive user interaction (i.e., accepting a save prompt to a location controlled by an attacker)"
We love to see it 🫠
We love to see it 🫠
May 15, 2025 at 10:13 AM
"this case has been assessed as low severity and does not meet MSRC’s bar for immediate servicing due to RCE is no longer possible without extensive user interaction (i.e., accepting a save prompt to a location controlled by an attacker)"
We love to see it 🫠
We love to see it 🫠
Reposted by realansgar
📊⚠️ Data in danger!
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
Data in Danger: Detecting Cross-Site Scripting in Grafana
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
www.sonarsource.com
April 24, 2025 at 3:02 PM
📊⚠️ Data in danger!
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post:
www.sonarsource.com/blog/data-in...
#appsec #security #vulnerability
And here's the second part of my old JumpServer journey I presented at Insomni'hack24. After getting authenticated last week, this time we're abusing multiple design flaws to get RCE and escape the Docker container on the JumpServer host.
🦘🛜 Our second part of the “Diving Into JumpServer” series is live:
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
Read more on how an attacker who bypassed authentication can execute code and fully compromise the JumpServer instance and internal hosts:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
www.sonarsource.com
March 27, 2025 at 5:11 AM
And here's the second part of my old JumpServer journey I presented at Insomni'hack24. After getting authenticated last week, this time we're abusing multiple design flaws to get RCE and escape the Docker container on the JumpServer host.
The Sonar research team just published a blog about my old JumpServer vulns I presented at Insomni'hack24. Check it out for some microservice shenanigans and stay tuned for part two that covers auth->RCE next week.
🦘🛜Compromising bastion host to gain full control over the internal infrastructure.
Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post:
www.sonarsource.com/blog/diving-...
#appsec #security #vulnerability
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2)
Bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities w...
www.sonarsource.com
March 20, 2025 at 4:21 PM
The Sonar research team just published a blog about my old JumpServer vulns I presented at Insomni'hack24. Check it out for some microservice shenanigans and stay tuned for part two that covers auth->RCE next week.
Reposted by realansgar
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study.
portswigger.net/research/sam...
portswigger.net/research/sam...
SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library
portswigger.net
March 18, 2025 at 2:57 PM
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study.
portswigger.net/research/sam...
portswigger.net/research/sam...
Reposted by realansgar
Inspired by x.com/PaulosYibelo, I thought about what improvements I could make to trick users into pressing buttons that perform sensitive actions. Finding some vulnerable targets along the way!
Read the details in my latest blog post below:
jorianwoltjer.com/blog/p/hacki...
Read the details in my latest blog post below:
jorianwoltjer.com/blog/p/hacki...
Post: Pressing Buttons with Popups (on Twitch, LinkedIn and more) | Jorian Woltjer
Combining existing research with my own experiments to create a realistic proof of concept that forces an OAuth authorization with a single key press. Learn the ins and outs of popup blockers and focu...
jorianwoltjer.com
February 23, 2025 at 2:21 PM
Inspired by x.com/PaulosYibelo, I thought about what improvements I could make to trick users into pressing buttons that perform sensitive actions. Finding some vulnerable targets along the way!
Read the details in my latest blog post below:
jorianwoltjer.com/blog/p/hacki...
Read the details in my latest blog post below:
jorianwoltjer.com/blog/p/hacki...
Reposted by realansgar
Wow, thanks for 2nd place! Didn't expect this, maybe it's my sign to finally write it down in text form and tackle all the follow-up ideas 👀
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 6, 2025 at 9:18 AM
Wow, thanks for 2nd place! Didn't expect this, maybe it's my sign to finally write it down in text form and tackle all the follow-up ideas 👀
Reposted by realansgar
D-Trust möchte gern von der eigenen Verantwortung für ein großes Datenleck ablenken. Der CCC erklärt die Hintergründe und fordert Konsequenzen. (ja, es war mal wieder 1 von uns lol sorry)
www.ccc.de/de/updates/2...
www.ccc.de/de/updates/2...
CCC | 5-Punkte-Plan für d(on't)-trust
Der Chaos Computer Club ist eine galaktische Gemeinschaft von Lebewesen für Informationsfreiheit und Technikfolgenabschätzung.
www.ccc.de
January 24, 2025 at 4:47 PM
D-Trust möchte gern von der eigenen Verantwortung für ein großes Datenleck ablenken. Der CCC erklärt die Hintergründe und fordert Konsequenzen. (ja, es war mal wieder 1 von uns lol sorry)
www.ccc.de/de/updates/2...
www.ccc.de/de/updates/2...
Reposted by realansgar
New blog post with @shubs.io:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United State...
samcurry.net
January 23, 2025 at 5:44 PM
New blog post with @shubs.io:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
I'm at 38C3, if anybody wants to chat, meet me at the FluxFingers table or call 9009 :D
December 27, 2024 at 3:49 PM
I'm at 38C3, if anybody wants to chat, meet me at the FluxFingers table or call 9009 :D