vicevirus’ Blog
Yo, welcome to my blog! I write tech stuff and play CTFs for fun. (still a noob)
🔎 Why Letting Anyone Run Terraform on Your Runner Might Be a Terrible Idea
Did you know Terraform can run code during plan? No approval needed. Here's how external data sources and file() can leak your credentials before anyone clicks "apply".
🔎 Simple Command Injection via ImageMagick Handler in CodeIgniter 4 + Magic of Agent? (CVE-2025-54418) (1)
Simple Command Injection found in CodeIgniter 4 plus yapping about AI agents…
CYDES 2025: ICS Cyber Siege CTF Experience + Prelim Web Writeup
CYDES 2025: ICS Cyber Siege CTF Experience + Prelims Web Writeup
🔎 Maybe whitelisting Cloudflare IPs isn’t always a good idea…
How whitelisting Cloudflare IP can be dangerous in certain cases
🔎 TeX-ing the Limits: When a Patch Falls Short (CVE-2025-26525)
LaTeX local file read vulnerability
Wargames.my WGMY 2024 Web Write-up
Wargames.my 2024 Web Writeup - Writeup on some of the web challenges in WGMY 2024. Twig php argc_argv template injection, kubernetes auth vault reading, vulnerable Wordpress plugin leading to LFI/LFR, OpenRASP bypass by loading custom/external class
BackdoorCTF'24 Writeup
BackdoorCTF'24 Writeup - Some of the web challenges. Prompt injection, DOM Clobber, CSS Injection through font-face.
🔎 spatie/browsershot ≤ 5.0.0: Improper Input Validation Leading to Local File Read (LFR) CVE-2024-21544
Improper Input Validation in spatie/browsershot ≤ 5.0.0. CVE-2024-21544
ASEAN Cyber Shield 2024 Prelim and Finals Write-up
ASEAN CYBER SHIELD HACKING CONTEST 2024 - Prelim & Finals Write-up of challenges that I managed to solve
Battle of Hackers 2024 (BOH/IBOH 2024) Local Category - Web Writeup
BOH/IBOH 2024 - All Web challenges writeup. Bunch of web stuff