splitline 👁️🐈‍⬛

338 posts

splitline 👁️🐈‍⬛

@_splitline_

@D3VC0R3 / CTF with ${cYsTiCk} / 友民党 / Tai-gi, zh-TW, en-US, es-PY / 🐈‍⬛

Tsu-lô-Kuān, Tâi-uân Inscrit le Temmuz 2019

592 Abonnements1.4K Abonnés

splitline 👁️🐈‍⬛ retweeté

slonser@slonser_·9 Mar

And this makes sense given how many CTFs are held per year. However, the ideal CTF challenge, in my opinion, should follow this formula: "The author conducted a mini-research project and instead of publishing it, turned it into a challenge."

English

125

12.9K

splitline 👁️🐈‍⬛ retweeté

LiveOverflow 🔴@LiveOverflow·2 Mar

What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.

siunam@siunam321

I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲

English

447

68K

splitline 👁️🐈‍⬛ retweeté

dimden@dimden·28 Oca

ZXX

797

7.4K

267.1K

splitline 👁️🐈‍⬛ retweeté

maple3142@maple3142·5 Ara

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…

English

434

546.1K

splitline 👁️🐈‍⬛ retweeté

Pumpkin 🎃@u1f383·26 Haz

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…

English

110

388

39.5K

splitline 👁️🐈‍⬛ retweeté

NiNi@terrynini38514·12 Şub

The blog post is the full version of my talk at 38c3. It's about some vulnerabilities we found in libarchive and some interesting behaviors of libarchive that you don't want to miss. My favorite part is it only took us 56 seconds to trigger a crash by AFL++.

DEVCORE@d3vc0r3

Our latest deep dive explores libarchive vulnerabilities under recent Windows 11 updates. 🔍🔓 Check out NiNi's (@terrynini38514) technical write-up for key insights and security implications. Read more here: devco.re/blog/2025/02/1… #VulnerabilityResearch #Cybersecurity

English

13.3K

splitline 👁️🐈‍⬛ retweeté

Renwa@RenwaX23·11 Şub

@dicegangctf @strellic This is just a rumor to make themselves feel better, CTFers doesn't have life and probably all single

English

splitline 👁️🐈‍⬛ retweeté

DEVCORE@d3vc0r3·5 Şub

🤘Congrats Orange(@orange_8361) and Splitline(@_splitline_) on making it to 2024 Top 10 Web Hacking Techniques! Check out their groundbreaking research: portswigger.net/research/top-1…

English

2.5K

splitline 👁️🐈‍⬛@_splitline_·26 Ara

I will drop one web challenge there 🐈‍⬛

ASIS-CTF@ASIS_CTF

🚨 Brace yourselves, hackers! 🚨 The #ASIS #CTF Finals 2024 are coming on December 28th! 💥 24 hours of non-stop hacking with mind-bending challenges that will push your limits. 🧠 Prepare for a thrilling ride - this is gonna be epic! #ASISCTF #CTF #Hacking

English

1.9K

splitline 👁️🐈‍⬛@_splitline_·18 Ara

@TalBeerySec @orange_8361 @BlackHatEvents I read that before, it was quite interesting! You’re right. Unicode normalization has always been a security concern, but I wouldn’t call it the core issue here. For me the root cause is still “Best-fit”. Unicode normalization is more of a broad bug category, like “injection”

English

227

Tal Be'ery@TalBeerySec·18 Ara

@orange_8361 @BlackHatEvents @_splitline_ Do you know this work presented by Microsoft's Jonathan Birch @BlackHatEvents 2019? i.blackhat.com/USA-19/Thursda… Seems like the same(?) core issue applied to a different attack surface

English

976

Orange Tsai 🍊@orange_8361·11 Ara

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈‍

English

223

783

169.9K

splitline 👁️🐈‍⬛@_splitline_·18 Ara

🍊 pumped my followers to 1k

English

1.7K

splitline 👁️🐈‍⬛@_splitline_·11 Ara

Our hackathon for that website Worst.Fit was done successfully 🥰

Orange Tsai 🍊@orange_8361

English

3.5K

splitline 👁️🐈‍⬛@_splitline_·2 Eki

Cool findings 🐈‍⬛

Orange Tsai 🍊@orange_8361

Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! @_splitline_ and I will share these cool findings at @BlackHatEvents! 🔥 Let's make argument injection great again! 😉 #worstfit-unveiling-hidden-transformers-in-windows-ansi-42637" target="_blank" rel="nofollow noopener">blackhat.com/eu-24/briefing…

English

2.5K

splitline 👁️🐈‍⬛ retweeté

Angelboy@scwuaptx·23 Ağu

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out: devco.re/blog/2024/08/2…

English

125

325

45.1K

splitline 👁️🐈‍⬛@_splitline_·22 Ağu

I made one harder challenge 🐈‍⬛ wargame.d3vc0r3.tw

Cyku@cyku_tw

I've prepared 3 easy wargame challenges for HITCON CMT 2024 event, plus my coworker's challenge for a total of 7 challenges. I hope everyone enjoys them🥳

English

2.3K

splitline 👁️🐈‍⬛ retweeté

Pumpkin 🎃@u1f383·19 Tem

I created a Linux Kernel challenge “Halloween” for the HITCON CTF Qual 2024 :). Below are the official writeup for “Halloween” and the unofficial writeups for "v8sbx" and "reEscape". Enjoy it! Halloween & v8sbx: u1f383.github.io/ctf/2024/07/16… reEscape: u1f383.github.io/ctf/2024/07/18…

English

147

13.9K

splitline 👁️🐈‍⬛@_splitline_·7 Haz

Dreaming back to 2012 👀

Orange Tsai 🍊@orange_8361

PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 blog.orange.tw/2024/06/cve-20…

English

1.1K

splitline 👁️🐈‍⬛ retweeté

Orange Tsai 🍊@orange_8361·7 Haz

PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 blog.orange.tw/2024/06/cve-20…

English

341

1.2K

134.8K

splitline 👁️🐈‍⬛ retweeté