Comprehensive analysis of security threats in Large Language Models (LLMs), attack techniques like prompt injection, and practical case study from the A.D.I.C. 7 challenge at CyberH2O CTF.
Write-up of the third and final machine from the CyberH2O cyberchallenge, an industrial environment with SNMP, OPC UA, Node-RED and privilege escalation.
Write-up of the second machine from the CyberH2O cyberchallenge, a hybrid environment with Docker containers and privilege escalation via Portainer.
Write-up of the first challenge of the CyberH2O cyberchallenge, focused on OSINT to locate an exposed PLC in a specific municipality.
Write-up of a classic ASIS CTF challenge: bypassing a preg_match filter that prohibits letters (A-Za-z) using XOR to generate strings without letters that, when executed in eval(), call functions such as phpinfo() or show_source(). A very useful technique for understanding type juggling and WAF bypass in PHP.
Exploiting XSS with filter bypass using HTML encoding and eval+atob to perform CSRF and exfiltrate sensitive administrator information in a CTF.
Write-up of simple CTF challenges (web and stego/crypto): type juggling in PHP, impossible conditions with is_numeric, hidden parameters in source, and stego with Stegsolve/hex.