CBC Padding Oracle attack in JavaScript Explained
In this post we will explore how an attacker can break encryption by modifying encrypted data and sending it back to the vulnerable API, and how problems like these can be detected automatically using fuzzing.
Solving a CTF challenge with NodeBee - part 2
In this post we will set up an automated check with NodeBee to alert developers when a pull request contains any vulnerabilities, including our newly defined CRLF injection.
Solving a CTF challenge with NodeBee
In this post we'll take a look at the "Contrived Web" problem from PlaidCTF 2020 and how we can use NodeBee to find the hidden vulnerabilities in it.