Bad news: pay-to-win made it to CTFs. Good news: we paid first.
DOM clobbering, domain takeovers, shared process slowdowns, and CSS exfiltration, oh my!
I can sorta do CTF problems – but deep down, I’m a DevOps guy.
How on earth do SVGs have so many security vulnerabilities?
I love Firebase. So this really was the perfect challenge for me.
Oh, JWTs. A well-intentioned standard, for sure – but my god, the number of implementation mistakes you can make.