This is 🍊

Taiwan
Joined August 2010
It’s never too late to review path normalizations and break parser logic!
After the Apache HTTPd path traversal (CVE-2021-42013/41773), I reviewed the CVE-2018-19052 Lighttpd path traversal (credit @orange_8361) articles.zsxq.com/id_u2kpvxw…
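As an added illustration of the kind of path-normalization review the tweet above refers to (this is example code, not code from the tweet, from Apache HTTPd or from Lighttpd), the following defensive check canonicalizes a request path by percent-decoding until the string stops changing and only then resolving dot-segments against the document root, so that a `..` reaches the traversal check no matter how many times it was encoded. The root directory, the function names and the sample paths are assumptions constructed for the example.

```python
from typing import Optional
from urllib.parse import unquote
import posixpath

# Assumed document root for the example; not a value from the page.
DOC_ROOT = "/var/www/html"
MAX_DECODE_ROUNDS = 3  # bound the decode loop; real paths need 1 round


def fully_decode(path: str) -> str:
    """Percent-decode repeatedly (bounded) until the string stops changing,
    so multiply-encoded characters such as %252e or %%32%65 resolve to '.'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return path


def resolve_under_root(request_path: str, root: str = DOC_ROOT) -> Optional[str]:
    """Map a request path to a filesystem path under root.

    Returns None when the path would climb above root (or carries a NUL),
    which is the condition a traversal bug fails to detect when it
    normalizes before decoding instead of after.
    """
    decoded = fully_decode(request_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue  # empty and '.' segments do not change the location
        if seg == "..":
            if not segments:
                return None  # would escape the document root: reject
            segments.pop()
        else:
            segments.append(seg)
    return posixpath.join(root, *segments) if segments else root


if __name__ == "__main__":
    # Constructed sample requests: a benign one, a literal '..', an
    # encoded '..' and a doubly encoded '..'. All three traversals are rejected.
    for p in ["/static/css/site.css", "/static/../../etc/passwd",
              "/static/%2e%2e/%2e%2e/etc/passwd",
              "/static/%%32%65%%32%65/%%32%65%%32%65/etc/passwd"]:
        print(p, "->", resolve_under_root(p))
```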
Replying to @ryotkak
Amazed...
revised ;(
Life of a vulnerability researcher
Replying to @RBTree_
Who is Rem?
The OWASP Top 10 2021 is out. I'm excited that SSRF is on the list and would like to thank @vanderaj for giving me the chance to contribute to writing the SSRF section! #owasp owasp.org/Top10/
> Who is the best CTF player in Asia?
> Do you want to play in the Asian best player team at the CTF World Championships?
Join and win the ACSC and go to the World Tournament! A CTF for the young generation in Asia! acsc.asia/
😆
AppSec people get this especially @orange_8361
Replying to @dcuthbert
Of course the "new things" include some video games 😝
After spending ~2.5 months doing slides, writing presentation drafts and blogs, translating all to English (the most time-consuming and tough work 😵‍💫), and pre-recording videos, I can finally start to play new things and new research!
Such a fantastic and clear write-up! I am impressed by the chaining of two logic (and URL-related) bugs to complete the exploit and the effort to enhance reliability on the Windows heap. Respect to them!
We have published the details of our Zoom exploit in this quite long writeup: sector7.computest.nl/post/20… tl;dr: heap buffer overflow when handling key exchange messages for chat encryption.
Replying to @nnwakelam
Sorry for the late reply, I have just finished all my work! When I was playing CTFs, I felt the same as you (my teammates are geniuses and have won lots of algorithmic contests such as ACM-ICPC/IOI). The problems I got stuck on and studied for weeks, they could solve in one night (thread 1/3)
I know it's frustrating, but I still want to say: please try to convince yourself that there must be one point where you are better than anyone. No matter how small the point is. You can get confidence from that and go further (2/3)
For me, I convinced myself that I have much more real-world hacking experience than they do. I exchanged my time for that experience, so they can't catch up with me if I keep hacking. (3/3)
Keep hacking, rocking and being awesome :D
Replying to @ber_m1ng
3. I guess the `Export-ExchangeCertificate` was patched last year? (did you mean CVE-2020-17083?) 4. I never met the serialization problem (but maybe it's because I simplify the structure a lot)
Replying to @ber_m1ng
Great work! Here is some feedback ;) 1. Ya, implementing a WinRM client is hard, so I built a proxy to intercept the connection of the Windows built-in client 2. About the encoded webshell, it depended on where you insert the payload. For me, only `\r` and `\n` are bad chars.
Replying to @GossiTheDog
It looks like the bad guys keep their eyes on us 🤔
A New Attack Surface on Microsoft Exchange! The series covers most of my Black Hat USA and DEFCON talks (with slides and video inside). More articles and vulnerabilities are coming soon! blog.orange.tw/2021/08/proxy…