Posts
Red team: Journey from RCE to have total control of cloud infrastructure
Analyze .NET deserialization: TypeConfuseDelegate gadget chain with BinaryFormatter
CVE-2022-26134: A look into bypass isSafeExpression check in Confluence Preauth RCE
WSO2 Carbon Server: Pre-auth RCE bug ( CVE-2022-29464)
Analyze Java deserialization: CommonsCollections2 gadget chain ( part 2 )
Analyze Java deserialization: CommonsCollections5 gadget chain ( part 1 )
Apache Log4j RCE 0day: CVE-2021-44228
DownUnder CTF 2021 - Attacking AES ECB mode - Break Me challenge
A look into CVE-2021-26084 Confluence RCE
My journey to reproduce the Proxyshell exploit chain (reported by Orange Tsai)