@AnisBoss_ profile picture
Anis_Boss @AnisBoss_

Interested in Cyber Security | REV, PWN | CTF Player at @the3000org | (1.01)^365== 37.8 | pwn-diaries.com

Joined July 2017
  • Tweets 115
  • Following 234
  • Followers 187
3 Photos and videos
Anis_Boss@AnisBoss_
29 Mar 2025
Check out my article on Bash: bypassing command restrictions with obfuscated commands in the latest issue of PagedOut, and all the other cool articles while you are at it.
PagedOut@pagedout_zine
29 Mar 2025
Paged Out! #6 has arrived! And it's jam-packed with content! You can download it here: pagedout.institute/?page=iss…
11
232
Anis_Boss retweeted
Thomas Rinsma@thomasrinsma
2 Jul 2024
I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitation of CVE-2024-29510, a classic format string bug, which we abuse to bypass the SAFER sandbox and gain RCE. codeanlabs.com/blog/research…

3
91
261
31,252
Anis_Boss retweeted
Thomas Rinsma@thomasrinsma
30 Dec 2023
If you have a Pico and an old Gameboy, try hooking its PWM output up to the GB's crystal input. Turns out this just works! (at your own risk, this might not be good for the GB's CPU long term..) th0mas.nl/2023/12/28/overclo…
0:48
1
5
22
2,701
Anis_Boss retweeted
Zimperium@Zimperium
27 Mar 2023
The most common mobile app attack vectors include: Rooted or jailbroken devices; Network attacks; & Malicious apps. This & more takeaways from our recent webinar w/ @Riscure's @AnisBoss_ and Zimperium's Tim Hartog & @bdogd: bit.ly/3K6Q0SQ #WeSecureMobile #MobileSecurity

A Comprehensive Guide to Mobile App Security - Zimperium

true

zimperium.com
2
2
462
Anis_Boss retweeted
Borgi@AymenBorgi
26 Feb 2023
Glad to share with you my recently discovered CVE in zone minder product (CVE-2023-26039). The vulnerability has been discovered during pb ctf 2023, thanks to @Unblvr1 for the great challenge. Link: github.com/ZoneMinder/zonemi…

Command injection in daemonControl() API

### Impact Command injection in daemonControl() (`/web/api/app/Controller/HostController.php`): Any authenticated user can construct an api command to execute any shell command as the web user. ...

github.com
5
26
1,108
Anis_Boss retweeted
Thomas Rinsma@thomasrinsma
22 Feb 2023
Last year, @krvalk and I uncovered a series of vulnerabilities in Feathers.js, Sequelize and SocketIO that lead to critical issues for our client. Now that everything is fixed, here's our write-up of this journey into Javascript madness. codean.io/blog/vulnerability…
5
11
1,239
Anis_Boss retweeted
Martijn Bogaard@jmartijnb
5 Feb 2022
The slides for the @offensive_con talk “Bug Hunting S21's 10ADAB1E FW” of @ffmenarini and myself can be found here: dropbox.com/s/2f14ga52jguu5c… Enjoy! We are still around at the conference so stop by and say hi.

OffensiveCon 2022 - Bug Hunting S21s 10ADAB1E FW.pdf

Shared with Dropbox

dropbox.com
37
93
Anis_Boss retweeted
rekter0
@rekter0
5 Dec 2021
Exploiting NFS server via SSRF #HITCON CTF 2021 Metamon-Verse Writeup r0.haxors.org/posts?id=27

r0 · HITCON CTF 2021 Metamon-Verse Writeup

# Summary The flask App is running as root and it's some sort of a webproxy with an NFS share Flag is owned by root in directory with suid binary to read it,…

r0.xyz
1
51
168
Anis_Boss retweeted
rekter0
@rekter0
22 Oct 2021
Moodle Stored XSS and Blind SSRF i've found earlier this year with @holme_sec r0.haxors.org/posts?id=20

r0 · Moodle - Stored XSS and blind SSRF possible via feedback answer text

| | | | --- | --- | | Versions affected | 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 | | CVE identifier | CVE-2021-20280 | # Summary When…

r0.xyz
35
102
Anis_Boss retweeted
kaftejiman@kaftejiman
17 May 2021
A small writeup about HelloWorld challenge in CTF 3k2021. #font #truetype #stack-based-vm #assembly github.com/kaftejiman/ctf_ch…
2
5
Anis_Boss retweeted
Maher@azz_maher
17 May 2021
#3kCTF-21 exploits to echo and klibrary, two kernel challenges that I created for this CTF: github.com/MaherAzzouzi/Linu… and here exploits for the user-land challenges iterrun - stdout and masterc : github.com/MaherAzzouzi/Linu…

1
3
14
Anis_Boss retweeted
rekter0
@rekter0
17 May 2021
#3kCTF-2021 my pwn challenges exploits telnet github.com/rekter0/ctf/blob/… babyrtos github.com/rekter0/ctf/blob/…
4
12
Anis_Boss retweeted
rekter0
@rekter0
17 May 2021
#3kCTF-2021 - ppaste writeup r0.haxors.org/posts?id=15

r0 · 3kCTF-2021 - ppaste writeup

# Scope ppaste is an internal tool we use to share pastes, and where we also store a flag, we're most interested if that could be leaked. URL :…

r0.xyz
3
18
Anis_Boss retweeted
the3000@the3000org
16 May 2021
#3kCTF-2021 is over, Thank you for playing ! Final scoreboard: 1- Never Stop Exploiting 2- Black Bauhinia - @BlackB6a 3- zer0pts - @zer0pts 4- greunion - @greunion_ctf 5- zh3r0
1
5
26
Anis_Boss retweeted
the3000@the3000org
16 May 2021
#3kCTF-2021 ~12 hours left 8 challenges remain unsolved Current standing 1- Black Bauhinia - @BlackB6a 2- Never Stop Exploiting 3- greunion - @greunion_ctf
5
13
Anis_Boss retweeted
the3000@the3000org
15 May 2021
#3kCTF-2021 10 hours later, current standing 1- Black Bauhinia 2- Never Stop Exploiting 3- ISITDTU
3
9
Anis_Boss retweeted
the3000@the3000org
12 May 2021
We're excited to partner with @1Password for #3kCTF There'll be 1 Free Year of 1Password Families for all participants 2021.ctf.the3000.org/
7
20
Anis_Boss retweeted
the3000@the3000org
12 May 2021
about 3 days to go, registration is open at: 2021.ctf.the3000.org/home We're Happy to have @SpyseHQ as a sponsor #3kCTF
8
14
Anis_Boss retweeted
the3000@the3000org
5 May 2021
less than 10 days, registration is open at: 2021.ctf.the3000.org/home We're Happy to have @MaltegoHQ as a sponsor #3kCTF
6
19
Anis_Boss retweeted
the3000@the3000org
14 Apr 2021
About one month to go for 3kCTF-2021 Registration is open at: 2021.ctf.the3000.org/home We're Happy to have @intigriti sponsoring the event
4
13
Load more