swagger-typescript-api, one of npm's most-used OpenAPI-to-TypeScript client generators (~600K downloads/week), shipped four RCE CVEs, an SSRF, and an authorization-token exfiltration. Here's how a single attacker-controlled OpenAPI spec turns a code generator into remote code execution.

Six CVEs, Four RCEs, One npm Package: Inside swagger-typescript-api's Supply-Chain Risk

Dissecting Tycoon 2FA: IP Reputation Gating, Path Tokens, and AiTM Session Theft

Checkmate - Crypto - TCT_CTF

Resourced - Intermediate - Windows - PG Practice

Crane - Intermediate - Linux - PG Practice

Plum - Intermediate - Linux - PG Practice

Hutch - Intermediate - Windows- PG Practice

Nara - Intermediate - Windows - PG Practice

Astronaut- Easy - Linux - PG Practice

Exfiltrated - Easy - Linux - PG Practice

TTTCCCPPP - Network - AirTech 2024

BackToFlag - Reversing - AirTech 2024

HideOut - Web - AirTech 2024

eCPPTv2 Exam Review (2024)

You Can't See Me - Forensics - Cyber Siege 23

why - Forensics - Cyber Siege 23

Breton - OSINT - Cyber Siege 2023

Emergency - OSINT - Cyber Siege 23

Latest

Six CVEs, Four RCEs, One npm Package: Inside swagger-typescript-api's Supply-Chain Risk

Dissecting Tycoon 2FA: IP Reputation Gating, Path Tokens, and AiTM Session Theft

Checkmate - Crypto - TCT_CTF

Resourced - Intermediate - Windows - PG Practice

Crane - Intermediate - Linux - PG Practice