Web Exploit Challenge FLAG [closed]
Can anyone find the flag in this website, the flag is in CSC25{…} format.
The website: https://ilyrcvhcal-ctf.cybersecuritychallenge.al/
"Beyond the hardware, how do the integrated software ecosystems of Samsung’s One UI and Apple’s iOS differ in terms of user experience, app compatibility, and cross-device functionality
Chromium supports Basic, Digest, NTLM, and Negotiate HTTP authentication schemes. Of those, the newest is Negotiate, which was present no later than 1999, because IE5 supported it (!!!). I can’t find a comparable reference for what Firefox… Continue reading Why are browser HTTP auth schemes stuck in 1999?
I have a thought experiment for the community, curious what everyone’s take on it is, specifically what are the major flaws in the idea and how could those be addressed without significantly diverging from the main objective.
Objective
I w… Continue reading End-to-End Encrypted Proxy Using Password Protected Certificate
There are some new security companies selling what they call "enterprise browsers". For instance, Island (https://www.island.io/blog/what-is-an-enterprise-browser) is one of them. Both Microsoft and Google also have enterprise ve… Continue reading How does an "enterprise browser" work?
In another question, I implied that an application can check the Origin request header to determine where the request is from. I was under the assumption that the browser sets this to the origin of the domain the request originates from, a… Continue reading Is the Origin header trustworthy for requests sent by the browser?
The chances are overwhelming, that you are reading this article on a web browser powered by some form of the Blink or WebKit browser engines as used by Google, Apple, … Continue reading Dillo Turns 25, and Releases a New Version
Let’s say you serve a website with the header Cross-Origin-Opener-Policy: same-origin. This is a new header that, if I understood it correctly, completely separates a browsing tab/origin to prevent against such low-level attacks like CPU-m… Continue reading Why does Cross-Origin-Opener-Policy prevent opening links to the same-origin/domain when target="_blank" is used?