TL;DR: The combination of a less than great vulnerability handling processes by Adobe, and the use of default credentials by Microsoft yielded remote code execution on the signout.live.com domain. The following remote code execution vulnerability in the signout.live.com service was reported to the Microsoft Security Response Center in late 2015...

Over the last two days I've been participating in the Boston Key Party (BKP) CTF with a group ephemerally known as 'Fear Of A Whitehat Planet'. In the end, we didn't do too badly - with all of the web challenges, a couple of crypto, and only one of the...

Over the last two days I've been participating in the Boston Key Party (BKP) CTF with a group ephemerally known as 'Fear Of A Whitehat Planet'. In the end, we didn't do too badly - with all of the web challenges, a couple of crypto, and only one of the...

Over the last two days I've been participating in the 9447 CTF with a group ephemerally known as 'Moose 1v1'. As this was my first participation in any form of CTF, and our team managed to snatch the silver for being the second to solve this particular challenge, I thought...

A number of D-Link and TRENDnet devices provide web management through the use of two services; jjhttpd for serving web content, and ncc2 for executing CGI requests. Unfortunately, there are a few vulnerabilities that exist in the ncc2 service which can allow for an attacker on the local network -...