CTFs + WebSec 2025-12-11T10:20:00.000Z https://blog.pspaul.de/ pspaul Hexo https://x.com/wiz_io/status/1999487646117298407 2025-12-11T10:20:00.000Z 2025-12-11T10:20:00.000Z https://x.com/wiz_io/status/1999487646117298407 2025-12-10T12:30:00.000Z 2025-12-10T12:30:00.000Z https://www.sonarsource.com/blog/zombie-workflows-a-github-actions-horror-story/ 2025-12-09T16:00:00.000Z 2025-12-09T16:00:00.000Z https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/ 2025-11-04T16:00:00.000Z 2025-11-04T16:00:00.000Z https://www.youtube.com/watch?v=YjCHGWIGxbU 2025-10-24T09:15:00.000Z 2025-10-24T09:15:00.000Z https://www.sonarsource.com/blog/code-security-for-conversational-ai-uncovering-a-zip-slip-in-eddi/ 2025-09-16T15:00:00.000Z 2025-09-16T15:00:00.000Z https://www.sonarsource.com/blog/securing-kotlin-apps-with-sonarqube-real-world-examples/ 2025-07-15T15:00:00.000Z 2025-07-15T15:00:00.000Z https://troopers.de/troopers25/talks/qga8hg/ 2025-06-25T12:15:00.000Z 2025-06-25T12:15:00.000Z https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/ 2025-06-10T15:00:00.000Z 2025-06-10T15:00:00.000Z https://www.sonarsource.com/blog/data-in-danger-detecting-xss-in-grafana-cve-2025-2703/ 2025-04-24T15:00:00.000Z 2025-04-24T15:00:00.000Z https://www.sonarsource.com/blog/beware-the-cookie-monster-cyberhaven-extension-vulnerability-allowed-cookie-theft/ 2025-02-26T16:00:00.000Z 2025-02-26T16:00:00.000Z https://blog.pspaul.de/posts/gymtok-breaking-tls-with-alt-svc/ 2025-02-18T23:00:00.000Z 2025-02-18T23:00:00.000Z

Ever wondered what the Alt-Svc response header is used for? Turns out it can be used to become a Man-in-the-Middle and attack TLS!

https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/ 2024-10-28T19:50:36.000Z 2024-10-28T19:50:36.000Z

Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler. The VPN client used the pacparser library to decide which HTTP requests to proxied based on a PAC file.

https://www.youtube.com/watch?v=N1FAOb1krBk 2024-10-24T13:30:00.000Z 2024-10-24T13:30:00.000Z

SQL injections seem to be a solved problem; databases have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application's database connection.

https://blog.pspaul.de/posts/bench-press-leaking-text-nodes-with-css/ 2024-10-20T18:00:00.000Z 2024-10-20T18:00:00.000Z

Some time ago, while reading up on new CSS features, I asked myself: Is it possible to leak the entire content of an HTML text node only using CSS?

https://www.youtube.com/watch?v=Tfg1B8u1yvE 2024-08-10T12:00:00.000Z 2024-08-10T12:00:00.000Z

SQL injections seem to be a solved problem; databases have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application's database connection.

https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-2/ 2024-07-09T15:00:00.000Z 2024-07-09T15:00:00.000Z https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/ 2024-07-02T15:00:00.000Z 2024-07-02T15:00:00.000Z https://blog.pspaul.de/posts/justctf-2024-teaser-casino/ 2024-06-19T00:08:00.000Z 2024-06-19T00:08:00.000Z

<div class="challenge"> <div class="challenge-header"> <div> <div>

https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/ 2024-06-17T15:00:00.000Z 2024-06-17T15:00:00.000Z