#68

NIST’s document about AI security

NIST published a document that defines terminology in the new and growing industry of security around AI. I’m no authority in this industry, but @rez0 is, and he described the document as “the best AI Security Publication that he’s ever seen” and that’s a very strong...

The Find command by @TomNomNom

My terminal workflow improved drastically after watching TomNomNom’s video with STÖK about using many useful bash commands. And it was only 36 minutes… That’s why I’m very happy to see Tom publishing his own videos because I know that he uses tools you and I use daily...

XSS With Hoisting

JavaScript hoisting (yes, “hoisting” and not “hosting”) is a feature of this language I hadn’t known about until recently, but then I heard about it in the CTTB podcast, saw a challenge by Johan Carlsson and read a blog post by @brutelogic. It’s a feature that allows...

3 Nginx tricks for auth bypass

Understanding Nginx and its potential misconfigurations can lead you to find many vulnerabilities. In this article, I’ll show you Nginx tricks I learnt from a CTF I played at the 37C3 conference. It’s not a task writeup - I’ll focus on parts of the task that can be...