345 matches found
50M_CTF_Writeup
It is an offensive tool for CTF Capture The Flag challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...
Exploit-Writeups
This is a collection of writeups for various CTF Capture The Flag challenges, specifically focusing on reverse engineering RE, pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...
AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models
We introduce AIRTBench, an AI red teaming benchmark for evaluating language models' ability to autonomously discover and exploit Artificial Intelligence and Machine Learning AI/ML security vulnerabilities. The benchmark consists of 70 realistic black-box capture-the-flag CTF challenges from the...
Malicious code in @exitman_ctf/steal (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-4490 Malicious code in mirror-chat-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05a80d5c1613fb9a0db9f6d2b95f12da296ef2ac3f58be607c601a87c73d840e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mirror-chat-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 05a80d5c1613fb9a0db9f6d2b95f12da296ef2ac3f58be607c601a87c73d840e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-4349
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
RedTeamLLM: an Agentic AI Framework for Offensive Security
From automated intrusion testing to discovery of zero-day attacks before software launch, agentic AI calls for great promises in security engineering. This strong capability is bound with a similar threat: the security and research community must build up its models before the approach is leverag...
Exploit for CVE-2024-53900
CTF Challenge - Mongoose RCE CVE-2024-53900 Challenge Overvie...
Malicious code in ctf-aio-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1641f444ea0056686d1421b67d63c1a6fd944999ed4dff175924de88f1d5182a Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...
MAL-2025-2952 Malicious code in ctf-aio-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1641f444ea0056686d1421b67d63c1a6fd944999ed4dff175924de88f1d5182a Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...
chameli (>=0.1.12 <=0.1.16), clotho (=0.1.0) +12 more potentially affected by CVE-2025-23217 via mitmproxy (>=10.1.5 <=11.0.2)
mitmproxy PYPI version =10.1.5, =0.1.12, =0.1.0, =4.0.0, =0.34.0, =0.11.0, =1.0.0, =1.1.0, =0.1.0, =3.2.0, =0.0.1, =0.0.3 Source cves: CVE-2025-23217 Source advisory: OSV:GHSA-WG33-5H85-7Q5P...
MAL-2025-736 Malicious code in is-number-ctf (npm)
The package opens up arbitrary backdoor port that allows bad actors to connect to. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293adcb6e55e85876a036859d67bad46448785e1ef890c061977fb93cd4fe97a Any computer that has this package installed or running should be...
Malicious code in is-number-ctf (npm)
The package opens up arbitrary backdoor port that allows bad actors to connect to. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293adcb6e55e85876a036859d67bad46448785e1ef890c061977fb93cd4fe97a Any computer that has this package installed or running should be...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 with interactive mode and args Designed speci...
Exploit for Code Injection in Sqlpad
CVE-2022-0944 SQLPad - Template injection This is a blind vul...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 1. Edit exploit.sh file replace the reposit...
Introducing the Prompt Airlines CTF: Test Your AI Security Skills
Wiz is excited to announce "Prompt Airlines," a new cloud security Capture The Flag CTF event focused on AI vulnerabilities...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
CVE-2023-4220-Exploit LMS Chamilo 1.11.24 CVE-2023-4220 Explo...
Exploit for Code Injection in Reportlab
CVE-2023-33733-POC Disclamer I did not, nor do I take credi...