https://bsky.app/profile/pspaul95.bsky.socialhttps://bsky.app/profile/pspaul95.bsky.social/post/3mkb2ytsn722rPwning PostgreSQL was quite fun, excited to share our research at OffensiveCon! https://www.offensivecon.org/speakers/2026/paul-gerste-and-moritz-sanft.html24 Apr 2026 17:39 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3mkb2ytsn722rhttps://bsky.app/profile/pspaul95.bsky.social/post/3m6yo6uy32c27My TROOPERS25 talk has been uploaded! If you ever wondered if "style-src: 'unsafe-line'" in your CSP is bad, this one is for you. Scriptless Attacks: Why CSS is My Favorite Programming Language https://www.youtube.com/watch?v=Owp-mHUyg9I02 Dec 2025 09:51 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3m6yo6uy32c27https://bsky.app/profile/pspaul95.bsky.social/post/3m4t3ns34yk2cThis was pretty fun to exploit! Even though I didn't manage to pwn the version used for Pwn2Own Berlin, I still learned a ton about LLMs. Maybe I can get my revenge in future competitions 🤞 [contains quote post or other embedded content]04 Nov 2025 17:45 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3m4t3ns34yk2chttps://bsky.app/profile/pspaul95.bsky.social/post/3lsjennlegk2dGreat bug chain by my team mate Yaniv that can pwn a whole org, starting with a single user click! I was also able to contribute a bit by creating my first port of a Chrome n-day exploit :) [contains quote post or other embedded content]26 Jun 2025 14:48 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3lsjennlegk2dhttps://bsky.app/profile/pspaul95.bsky.social/post/3lrbanvfmb22eThis was a fun one to discover! SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align: [contains quote post or other embedded content]10 Jun 2025 15:50 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3lrbanvfmb22ehttps://bsky.app/profile/pspaul95.bsky.social/post/3lik62alr5s2wEver wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it! I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack! https://blog.pspaul.de/posts/gymtok-breaking-tls-with-alt-svc/19 Feb 2025 16:10 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3lik62alr5s2whttps://bsky.app/profile/pspaul95.bsky.social/post/3lhiqwzk3ms26Wow, thanks for 2nd place! Didn't expect this, maybe it's my sign to finally write it down in text form and tackle all the follow-up ideas 👀 [contains quote post or other embedded content]06 Feb 2025 09:18 +0000at://did:plc:5csjilclom6dlcdulsm5ujj2/app.bsky.feed.post/3lhiqwzk3ms26