2025-12-04
IntroductionEarly-bird injection used to be every malware author’s favorite technique to bypass Windows defender ( a lon
Quang Vo
WHOAMI
I am a Red Teamer/Offensive Security Engineer, mainly interested in Windows ( kernel ) internals and malware. Default header image by akkotta on Tumblr
Recommend Articles
2023-05-22
DescriptionIn my latest red team engagement for a very large fintech company, I found a RCE bug and landed in a very res
2022-07-18
IntroductionTypeConfuseDelegate is a gadget chain take advantage of SortedSet class calls the comparator class to sort w
2022-06-06
Reference
https://pulsesecurity.co.nz/articles/EL-Injection-WAF-Bypass
https://www.rapid7.com/blog/post/2022/06/02/activ
2022-04-22
IntroductionCVE-2022-29464 is a simple and critical vulnerability reported by Orange Tsai, the vulnerability is a pre-au
2022-03-25
Introduction - CommonsCollections2 gadget chain analysisTo continue part 1, we will analyze CommonsCollections2 gadget c
2022-01-19
IntroductionMost of people have heard about Java deserialization apocalypse. There are great tools out there for hunting
2021-12-11
Reference:
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://www.veracode.com/blog/research/exploiting-jndi-inje
2021-09-27
IntroductionDownUnder CTF was an awesome event, I enjoyed it a lot. Unfortunately I’m not Australian so I cannot join a
2021-09-01
OGNL Injection on Confluence
Twitter is always the best place to keep up-to-date with the newest CVE or exploit. CVE-202
1 / 2