TL;DR: The challenge goal is to provide CodeQL script finds specific function that returns 42 and would be run over some auto-generated random python code. The solution should be CodeQL that statically analyze auto-generated random python code and evaluate only the function that returns 42 Our Solution combines...
Read MoreChallenge Overview https://2024.ctf.sekai.team/challenges/#Funny-lfr-14 The challenge provides a dockerfile and a python application - both required to create the web server. The docker file is short, and contains the following code: We can immediately understand by looking at the dockerfile code that the flag is kept as a local environment...
Read More
Executive Summary WinRAR, 500+ million users, is exposed to new vulnerabilities (CVE-2023-40477, CVE-2023-38831). Today, we present for the first-time: A PoC for CVE-2023-40477 (At time of writing) Although considered RCE & assumed to be exploitable, its' impact in reality doesn't look promising because of numerous...
Read More
The Evolution of Phishing AIOP: "AI-Oriented Phishing" Yoav Sakal & Wild Pointer Team Intro Nowadays, Phishing became huge part of cyber-crime, where around 90% of cyber-attacks starts with a phishing scam & more than 30% of phishing emails are opened, The phishing attack vector has become a huge...
Read MoreThis will be an updated list of threats being discovered available out there while honeypotting for the new CVE. Part of the new CVE may require auth, and we can actually see here threat actors trying to check for auth-bypass either using old vulnerabilities, e.g: CVE-2021-26855, or...
Read More
Anatomy of Ransominer Yoav Sakal & Barak Sternberg Intro Nowadays, when ransomware are spreading widely, driving many new incidents and causing damage, we've tackled in our last research to unravel a new malware that tries to win it all - combining ransomware and cryptomining into one. Although the...
Read More