Hacker News: pentestercrab

When Dawkins met Claude – Could this AI be conscious?

pentestercrab — Fri, 01 May 2026 08:36:19 +0000

https://archive.ph/Rq5bw

Comments URL: https://news.ycombinator.com/item?id=47972481

Points: 60

# Comments: 422

Ruby Array Pack Bleed

pentestercrab — Tue, 06 Jan 2026 23:46:24 +0000

Article URL: https://nastystereo.com/security/ruby-pack.html

Comments URL: https://news.ycombinator.com/item?id=46520566

Points: 62

# Comments: 1

Ruby Array Pack Bleed – Impacts Ruby 1.6.7 to 4.0.0

pentestercrab — Tue, 30 Dec 2025 11:14:30 +0000

Article URL: https://nastystereo.com/security/ruby-pack.html

Comments URL: https://news.ycombinator.com/item?id=46432066

Points: 9

# Comments: 0

Inline Style Exfiltration: leaking data with chained CSS conditionals

pentestercrab — Wed, 27 Aug 2025 13:33:58 +0000

Article URL: https://portswigger.net/research/inline-style-exfiltration

Comments URL: https://news.ycombinator.com/item?id=45039468

Points: 1

# Comments: 0

Marshal madness: A brief history of Ruby deserialization exploits

pentestercrab — Wed, 20 Aug 2025 11:41:33 +0000

Article URL: https://blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/

Comments URL: https://news.ycombinator.com/item?id=44960942

Points: 25

# Comments: 4

Breaking the Sorting Barrier for Directed Single-Source Shortest Paths

pentestercrab — Sat, 09 Aug 2025 05:34:09 +0000

Article URL: https://arxiv.org/abs/2504.17033

Comments URL: https://news.ycombinator.com/item?id=44844257

Points: 99

# Comments: 3

New comment by pentestercrab in "Google's shortened goo.gl links will stop working next month"

pentestercrab — Fri, 25 Jul 2025 15:58:38 +0000

There seems to have been a recent uptick in phishers using goo.gl URLs. Yes, even without new URLs being accepted by registering expired domains with an old reference.

New comment by pentestercrab in "Former cybersecurity chief Chris Krebs leaves SentinelOne after executive order"

pentestercrab — Wed, 16 Apr 2025 23:32:36 +0000

The risky.biz podcast episode got pulled too: https://bsky.app/profile/patrick.risky.biz/post/3lmioqiobks2...

New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

pentestercrab — Wed, 05 Mar 2025 05:00:39 +0000

Article URL: https://www.elttam.com/blog/rails-sqlite-gadget-rce/

Comments URL: https://news.ycombinator.com/item?id=43263040

Points: 1

# Comments: 0

Escaping Ruby's Gem:SafeMarshal Sandbox

pentestercrab — Fri, 10 Jan 2025 17:14:34 +0000

Article URL: https://nastystereo.com/security/ruby-safe-marshal-escape.html

Comments URL: https://news.ycombinator.com/item?id=42657575

Points: 2

# Comments: 1

Escaping Ruby's Gem:SafeMarshal Sandbox

pentestercrab — Thu, 26 Dec 2024 05:30:27 +0000

Article URL: https://nastystereo.com/security/ruby-safe-marshal-escape.html

Comments URL: https://news.ycombinator.com/item?id=42513334

Points: 3

# Comments: 0

RubyGem's Gem:SafeMarshal buffer overrun with length larger than fit into a byte

pentestercrab — Sat, 07 Dec 2024 06:22:37 +0000

Article URL: https://github.com/rubygems/rubygems/pull/8305

Comments URL: https://news.ycombinator.com/item?id=42347679

Points: 1

# Comments: 0

CORS Vulnerabilities in Go: Vulnerable Patterns and Lessons

pentestercrab — Tue, 03 Dec 2024 17:38:59 +0000

Article URL: https://pentesterlab.com/blog/golang-cors-vulnerabilities

Comments URL: https://news.ycombinator.com/item?id=42308815

Points: 1

# Comments: 0

Shiny Vulnerabilities in R's Most Popular Web Framework

pentestercrab — Mon, 02 Dec 2024 15:54:15 +0000

Article URL: https://nastystereo.com/security/r-shiny-bugs.html

Comments URL: https://news.ycombinator.com/item?id=42297365

Points: 1

# Comments: 0

PentesterLab: Web Hacking and Security Code Review 600 exercises and 700 videos

pentestercrab — Wed, 27 Nov 2024 16:16:25 +0000

Article URL: https://pentesterlab.com/

Comments URL: https://news.ycombinator.com/item?id=42257187

Points: 1

# Comments: 0

Cross-Site Post Requests Without a Content-Type Header – CSRF Attack

pentestercrab — Wed, 27 Nov 2024 09:28:30 +0000

Article URL: https://nastystereo.com/security/cross-site-post-without-content-type.html

Comments URL: https://news.ycombinator.com/item?id=42254457

Points: 2

# Comments: 0

Execute commands by sending JSON? Ruby deserialization vulnerabilities

pentestercrab — Mon, 25 Nov 2024 07:44:32 +0000

Article URL: https://github.blog/security/vulnerability-research/execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/

Comments URL: https://news.ycombinator.com/item?id=42234085

Points: 2

# Comments: 0

JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

pentestercrab — Mon, 25 Nov 2024 06:45:10 +0000

Article URL: https://pentesterlab.com/blog/jwt-algorithm-confusion-code-review-lessons

Comments URL: https://news.ycombinator.com/item?id=42233831

Points: 3

# Comments: 0

Chosen-Prefix Collisions on AES-Like Hashing

pentestercrab — Mon, 25 Nov 2024 06:01:51 +0000

Article URL: https://eprint.iacr.org/2024/1888

Comments URL: https://news.ycombinator.com/item?id=42233648

Points: 2

# Comments: 0

New comment by pentestercrab in "Ruby 3.4 Universal RCE Deserialization Gadget Chain"

pentestercrab — Mon, 25 Nov 2024 06:01:07 +0000

Once again GTFOBins[0] proving to be a valuable resource.

[0] https://gtfobins.github.io/