PHP strip_tags not a complete protection against XSS (Repost From Archive)

PHP strip_tags not a complete protection against XSS” was originally written by Dan Guido when he was a student in the ISIS Lab.

Writing an XSS Worm

This was done while interning at Gotham Digital Science and the original blog post can be found here:

Oh Compiler, You so Crazy...

For Hack NightNitin and I set about teaching students how to read and write x86 assembly. I was tasked with teaching students how to write x86. Naturally, being short on time I decided to  cheat by writing some C code, compiling it, and taking a peek at the output before walking students through how to manually compile code by hand. When I compiled my demos, there was one particular control flow structure that threw me for a loop (no pun intended.)  It was a particular kind of switch; I’d describe it to you but I may as well just share the code.

You Can't Stop The Ropasaurus Rex PlaidCTF 2013

This past weekend, April 19th 2013 in the year of our lord, Brooklynt Overflow assembled to partake in the spectacle of pwning known as PlaidCTF. I’m particularly fond of PlaidCTF because it is the first CTF that I played in as a member of Brooklynt Overflow so many years ago and is usually on or around my birthday. Anyway, enough about me and onto the pwnage. Late in the first day I set my eyes on the RopasaurusRex pwnable for 200 points. RopasaursRex is a very simple binary with two functions.

Hardware Hacking Week Recap

If you were busy in Cancun over spring break, you missed out on our hardware hacking workshop in the ISIS lab!

UCSB iCTF 2013: Water Write-Up


We Solved Security!

We hope you enjoyed our April Fools’ Joke!  Subscribe to our blog for technical posts on offensive security.  Check out our program here.

Clang does not compile with stack cookies by default.

Just a bit of warning about clang. By the default state the clang compiler does not install stack cookie checks to its function calls.