Hacking Techniques

HeroCTF v6 Writeups

Kévin Mizu’s blog is always a quality read when it comes to CTF writeups. In this one, he describes three challenges from HeroCTF. The one I think is most likely to become useful is the second one, which describes how client-side caching works and how it can be...

npm search RCE – Escape Sequence Injection

The bugs in this blog post are very interesting. In short, the author uses escape sequences to execute a terminal command while only controlling the command’s output. I’ve read it a few times and I still don’t understand 100% how it works. I think it might also...