IntroductionTypeConfuseDelegate is a gadget chain take advantage of SortedSet class calls the comparator class to sort w

Reference https://pulsesecurity.co.nz/articles/EL-Injection-WAF-Bypass https://www.rapid7.com/blog/post/2022/06/02/activ

IntroductionCVE-2022-29464 is a simple and critical vulnerability reported by Orange Tsai, the vulnerability is a pre-au

Introduction - CommonsCollections2 gadget chain analysisTo continue part 1, we will analyze CommonsCollections2 gadget c

IntroductionMost of people have heard about Java deserialization apocalypse. There are great tools out there for hunting

Reference: https://www.lunasec.io/docs/blog/log4j-zero-day/ https://www.veracode.com/blog/research/exploiting-jndi-inje

IntroductionDownUnder CTF was an awesome event, I enjoyed it a lot. Unfortunately I’m not Australian so I cannot join a

OGNL Injection on Confluence Twitter is always the best place to keep up-to-date with the newest CVE or exploit. CVE-202

ProxyShell Microsoft ExchangeReference: The original talk is from Orange Tsai: https://i.blackhat.com/USA21/Wednesday-