Victor Zhu Security Analyst - Red Team Black cat hacker

[CVE-2019-5418] Ruby on Rails Arbitrary File Content Disclosure Vulnerability Lab

There is a File Content Disclosure vulnerability in Action View (Rails) <, <, <, < where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

TradingView Charting Library XSS Vulnerablity

TradingView Charting Library XSS Vulnerablity, high impact

CSAW CTF Quals '18 Ldab - Web 50 Write-Up (LDAP Injection)

CSAW CTF Qualification Round 2018 Web 50 Ldab Write-up - LDAP Injection

Redis Unauthorized Access Vulnerability Lab

If a Redis is publicly accessible and is not protected by password, a remote attacker can exploit this to gain unauthorized access to the server. Let's learn how to set up a vulnerable redis server and attack it. We will also explore how to search and verify vulnerable redis out there with powerful search engine Shodan and automated python exploit

Hack This Site Basic Missions Write-up

Hack This Site Basic Missions Write-up (Few Spoilers)

Google Games 2016 @ RPI

Have you ever heard of the Google Games? Get ready to have some fun! This "in a box" version of the Games includes head-to-head team competitions in a series of challenges including trivia, puzzles, word association, and coding.