Skip to content
View 0x90sh's full-sized avatar
🀨
hmmmm
🀨
hmmmm
12 followers · 8 following

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Highlights

Block or report 0x90sh

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
0x90sh/README.md
0x90 
root@0x90:~# whoami

Security Researcher & Software Engineer Switzerland πŸ‡¨πŸ‡­

Blog Twitter GitHub LinkedIn

$ cat /etc/motd

Offensive security, vulnerability research, and building tools that break (and fix) things. I dig into codebases, find what shouldn't be there, and write about it.

$ ls ./0day-blog/

Title Target
My First CVE: Windmill NativeTS Code Injection via Workspace Env Vars Windmill
Apache Airflow, SSTI, and the Annoying Question of What Counts as a Vulnerability Apache Airflow
Drizzle ORM Had a Real SQL Injection, and the Fix Was Refreshingly Boring Drizzle ORM

More writeups at 0x90.sh/forums/0day-blog.8/

$ cat interests.txt

Vulnerability Research    β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘   85%
Reverse Engineering       β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘   80%
Web Application Security  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘   85%
Anti-Cheat Engineering    β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘β–‘β–‘β–‘   65%
Tool Development          β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–‘β–‘β–‘β–‘β–‘   75%

$ cat /etc/ctf.conf

/mnt/ain

/mnt/ain

CTF team organizing the SHC

 Nopping in Heaven's Door

Nopping on Heaven's Door

Solo ranked #1 Switzerland One man army

 
0x90@swiss:~$ echo "Break it. Fix it. Write about it."

Pinned Loading

  1. HorizonMW/HorizonMW-Client HorizonMW/HorizonMW-Client Public

    C++ 237 61

  2. fairplaylab_detections fairplaylab_detections Public

    A down-to-earth, hands-on guide to understanding and combating game cheats. No moralizing, just pure technical exploration.

    C++ 1

  3. jnic-research jnic-research Public

    JNIC.dev reverse engineering research. (JNIC POC research deobfuscation tooling)

    Python 3 1

  4. qprotect-research qprotect-research Public

    qProtect virtualization research

    Java 1

  5. skidfuscator-research skidfuscator-research Public

    SKIDfuscator research repository, with some research tooling.

    Python