Cory DoctorowWell this is fucking clever - hide a malicious powershell script inside a license file, assuming (correctly) that no one EVER looks inside a license file. #DEFCON31 (from Andrew Brandt' War Stories presentation)
Addison Crump@pluralistic A few years ago, we hosted a CTF where one of the challenges was accidentally published with a README that included the solution script. One solve, 1.4k competing teams.
J@addison @pluralistic Reminds me of a situation in a CTF I participated in once (I don't remember the name - it was held at Intuit's campus in socal, I think) where there was an issue with one of the flags - the organisers posted a link to the solution so the contest could proceed. I did some URL Shifting and got the rest of the solutions... I brought it to the contest organisers and, to their credit, they were like "yes, that's valid - but do you want to win that way?" - "no, I want a t-shirt."