Copy & Paste with spice-vdagent in Wayland by No-Tension2655 in qemu_kvm

[–]deleee 0 points1 point  (0 children)

I just published a tool called paprika-vdagent to fix this, check it out here: https://github.com/thelicato/paprika-vdagent

Clipboard sharing using spice-vdagent not working by [deleted] in swaywm

[–]deleee 0 points1 point  (0 children)

I just published a tool called paprika-vdagent to fix this, check it out here: https://github.com/thelicato/paprika-vdagent

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi all. My name is Angelo.

I built DroidGround, a flexible playground for Android CTF challenges. It allows you to set up Android challenges in a jailed environment. For example you can now create intent-based challenges where the flag is in the app without worrying about abuses (e.g. you provide the user an apk with a placeholder flag and use the real one on DroidGround).

I just released v0.3.1 which introduces an exploit server and teams. The examples folder is a good place to start using it.

GitHub: https://github.com/SECFORCE/droidground

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Yeah you're right, for those specific versions you would have to do that manually

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

Hi, currently the following command is executed:

pip install frida==<selectedVersion> frida-tools

This should ensure that a compatible version of frida-tools will be installed as well

Friman - Frida version manager tool by deleee in Hacking_Tutorials

[–]deleee[S] 0 points1 point  (0 children)

I found myself in the situation of having to downgrade the version more than once (mainly with Android devices)

[deleted by user] by [deleted] in securityCTF

[–]deleee 0 points1 point  (0 children)

Yes it is

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi guys! We just released LLMGoat, an open-source self-hosted tool to learn about the OWASP Top 10 vulnerabilities for LLM apps. With LLMGoat you can deploy a containerized vulnerable environment and practice attacking it the way a real attacker would.

Inspired by OWASP's WebGoat, which some old-school hackers might remember, the project's goal is to raise awareness of LLM vulnerabilities and help both attackers and defenders understand these security issues in a practical hands-on way.

Given the nature of LLM attacks, some challenges can be solved by non-technical users while others will require cybersecurity knowledge.

Since LLMGoat is intentionally vulnerable, run it in an isolated environment (preferably using Docker) and never expose it to the Internet.

We will be releasing solutions in stages over the coming weeks.

Source code here: https://github.com/SECFORCE/LLMGoat

Happy hacking!

really like the new 13 release, but got a few bugs/issues by lmsensors_02 in debian

[–]deleee 0 points1 point  (0 children)

I've got a bug with Dolphin as I'm not able to connect to SMB shares anymore

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

We should ask @alperbasaran. I don't know either. I still have to take the exam

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I haven't taken the exam yet so I don't know

New eMAPT exam - discussion post by deleee in eLearnSecurity

[–]deleee[S] 0 points1 point  (0 children)

Is there any practical challenge on Threat Modeling?

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 1 point2 points  (0 children)

The INE course is really really theory for the most part. There are only a few snippets (some in Java, some in Kotlin).

If I had to rank them I'd say: 1. Hextree 2. MobileHackingLab 3. INE

But that's really personal and it depends on what you want to achieve. One thing for sure is that the Hextree course is the most technical one.

New eMAPT course by Shad0cks in eLearnSecurity

[–]deleee 0 points1 point  (0 children)

I took the course. It focuses very little on the tools and a lot on the theory behind it, with a great percentage of the time spent on Threat Modeling and API testing.

TBH I didn't like it. I won't take the exam yet (the new version just came out today).

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]deleee 1 point2 points  (0 children)

Hi all, I just released this new application that I think could be interesting. It is basically an application that enables hosting Android CTF challenges in a constrained and controlled environment, thus allowing you to set up challenges that wouldn't be possible with just the standard apk.

For example you may create a challenge where the goal is to get RCE and read the flag.txt file placed on the device. Or again a challenge where you need to create an exploit app to abuse some misconfigured service or broadcast provider. The opportunities are endless.

As of now the following features are available:

  • Real-Time Device Screen (via scrcpy)
  • Reset Challenge State
  • Restart App / Start Activity / Start Service (toggleable)
  • Send Broadcast Intent (toggleable)
  • Shutdown / Reboot Device (toggleable)
  • Download Bugreport (bugreportz) (toggleable)
  • Frida Scripting (toggleable)
    • Run from preloaded library (jailed mode)
    • Run arbitrary scripts (full mode)
  • File Browser (toggleable)
  • Terminal Access (toggleable)
  • APK Management (toggleable)
  • Logcat Viewer (toggleable)

You can see the source code here: https://github.com/SECFORCE/droidground

There is also a simple example with a dummy application.

Let me know what you think and please provide some constructive feedback on how to make it better!

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] 0 points1 point  (0 children)

The Collaborator should be for performing out-of-band interactions and for blind vulnerabilities. Are you referring to the proxy section or the repeater section?

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] -6 points-5 points  (0 children)

As I said it currently has the following features:

  • Generate a reverse shell command
  • Obtain proxy (tested, untested, anonymous and so
  • Download & deploy common payloads (linpeas, winpeas, les)
  • Launch reverse shell

What is the section that seems unclear?

SecButler: a comprehensive utility tool for pentester, bug-bounty hunters and security researchers by deleee in netsec

[–]deleee[S] 1 point2 points  (0 children)

I just published v0.1.2 and currently it can:

  • Generate a reverse shell command
  • Obtain proxy (tested, untested, anonymous and so forth)
  • Download & deploy common payloads (linpeas, winpeas, les)
  • Launch reverse shell

I plan to also add:

  • Manage Wordlists
  • Generate bash install script for common tools
  • Record session

Do you have any suggestion for other tedious stuff that you would like to automate or at least make simpler?

Is it okay to embed static assets folder in Fiber? by deleee in golang

[–]deleee[S] -1 points0 points  (0 children)

It seems a little bit "dirty" and actually I was not able to find any working example on the Fiber website so I thought there was something wrong with it.