• 2018

  • Exploit Singapore Hotels: ezxcess.antlabs.com

  • Drupal 7 - CVE-2018-7600 PoC Writeup

  • Drupal CVE-2018-7600 分析及 PoC 构造

  • Exploiting Jolokia Agent with Java EE Servers

• 2017

  • Security Issues of Kubelet HTTP(s) Server

  • HITCON 2017 SSRFme

  • Abuse Cache of WinNTFileSystem : Yet Another Bypass of Tomcat CVE-2017-12615

  • Xdebug: A Tiny Attack Surface

  • Tunnel Manager - From RCE to Docker Escape

  • CVE-2017-11610: Supervisor Object Traversal To RCE

  • CUIT CTF Pentest Writeup

  • Yet Another PHP disable_functions Bypass

  • Fastjson Unserialize Vulnerability Write Up

  • Use DNS Rebinding to Bypass IP Restriction

• 2016

  • Hacking Aria2 RPC Daemon

  • Pwn A Camera Step by Step (Web ver.)

  • Mount NFS via Proxy

  • BGmi - 内网看番，快人一步

  • 利用 gopher 协议拓展攻击面

  • Write Up: Remote Command Execute in Wordpress 4.5.1

  • Hacking iSCSI

  • Head First FILE Stream Pointer Overflow

  • Vortex12 Writeup - The First ROP I Wrote

  • Wargame Narnia8 Write Up

• 2015

  • 从任意文件下载到系统 root 权限

  • Writeup: pwnable.kr "simple login"

  • AIS3 Pre-Exam pwn2 & pwn3 Writeup

  • Writeup: pwnable.kr "echo2"

  • Writeup: pwnable.kr "echo1" & "fsb"

  • Hacking PostgreSQL

  • Hello World, binary

  • JMX RMI Exploit 实例

  • Bit-flipping Attack 笔记

  • 笔记: Data Retrieval over DNS in SQL Injection Attacks

  • Mongodb Injection in Node.js Web Framework

• 2014

  • Padding Oracle Attack 笔记

  • SCTF Web Writeup

  • Drupal 的 callback 噩梦

  • 免费 WiFi 下看胖次的颜色几种姿势

  • GSM 嗅探笔记

  • 哈希长度扩展攻击解析