0

Authentication bypass on Ubiquity’s SSO via subdomain takeover of ping.ubnt.com

I publicly disclosed a vulnerability that I responsibly disclosed to Ubiquity via the HackerOne platform. It concerned a subdomain takeover issue via Amazon Cloudfront (ping.ubnt.com) in combination with shared session cookies between subdomains on *.ubnt.com, which ultimately lead to a complete Authentication Bypass of their SSO system (sso.ubnt.com). It can be found here.

1

Hack.LU 2016 CTF DataOnly Writeup

Introduction

I participated in the Hack.LU CTF again this year with, just like in 2013, but now together with the great Team HacknamStyle from KU Leuven. We ended up 24th of 220 active teams by solving the DataOnly challenge (52 solves), among others:

DataOnly (Category: Exploiting)

Cthulhu is too chaotic and has lost the machine with his files. Cthulhu still has an old fileserver running on it though… Get the flag from /flag in the filesystem. Connect to cthulhu.fluxfingers.net:1509. Binaries.

Continue Reading

0

Hack.LU 2016 CTF CthCoin Writeup

Introduction

I participated in the Hack.LU CTF again this year with, just like in 2013, but now together with the great Team HacknamStyle from KU Leuven. We ended up 24th of 220 active teams by solving the CthCoin challenge (20 solves), among others:

CthCoin (Category: Crypto/Web)

Cthulhu awakens and all worshippers will be rewarded greatly! A new Cryptocurrency was created, and Cthulhu generous gives away free coins. Can you break it, but be careful do not provoke him.

Continue Reading