普通视图

发现新文章,点击刷新页面。
昨天以前Orange

[中文] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2024年8月9日 11:00
Orange Tsai (@orange_8361)  |  繁體中文版本  |  English Version嗨,這是我今年發表在 Black Hat USA 2024 上針對 Apache HTTP Server 的研究。 此外,這份研究也將在 HITCON 和 OrangeCon 上發表,有興趣搶先了解可點此取得投影片: Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! 另外也謝謝來自 Akamai 的友善聯繫! 此份研究發表後第一時間他們也發佈了緩解措施 (詳情可參考 Akamai 的部落格)。TL;DR這篇文章探索了 Apache HTTP Server 中存在的架構問題,介紹了數個 Httpd 的架構債,包含 3 種不同的

從 2013 到 2023: Web Security 十年之進化與趨勢!

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2023年8月12日 16:00
TL;DR for Hackers & Researchers: this is a more conceptual talk for web developers. All are in Mandarin but you can check the slides here if interested.好久沒有打部落格了,紀錄一下這次我在 WebConf 2023 上的演講,大概就是把 Web Security 這十年的演化趨勢分類、並給出相對應的攻擊手法當案例,雖然沒配演講看投影片應該不知道在供三小,不過有興趣還是可以點這邊獲得投影片!由於聽眾皆為網站開發者 (涵蓋前端、後端甚至架構師),因此選用的攻擊手法力求簡單、可快速理解又有趣,不談到防禦手法也在因為短短 45 分鐘內絕對涵蓋不完,所以給自己訂下的小目標是: 只要有一項也好,如果開發者遇到同樣場景、腦中會跳出個

A New Attack Surface on MS Exchange Part 3 - ProxyShell!

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2021年8月18日 23:08
Author: Orange Tsai(@orange_8361) from DEVCORE P.S. This is a cross-post blog from Zero Day Initiative (ZDI) This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021!  Please visit the following link to read that :)FROM PWN2OWN 2021

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2020年9月12日 17:25
Author: Orange TsaiThis is a cross-post blog from DEVCORE. 中文版請參閱這裡 Hi, it’s a long time since my last article. This new post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and

你用它上網,我用它進你內網! 中華電信數據機遠端代碼執行漏洞

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年11月11日 18:15
For non-native readers, this is a writeup of my DEVCORE Conference 2019 talk. Describe a misconfiguration that exposed a magic service on port 3097 on our country's largest ISP, and how we find RCE on that to affect more than 250,000 modems :P 大家好,我是 Orange! 這次的文章,是我在 DEVCORE Conference 2019 上所分享的議題,講述如何從中華電信的一個設定疏失,到串出可以掌控數十萬、甚至數百萬台的家用數據機漏洞! 前言 身為 DEVCORE 的研究團隊,我們的工作

An analysis and thought about recently PHP-FPM RCE(CVE-2019-11043)

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年10月30日 00:45
First of all, this is such a really interesting bug! From a small memory defect to code execution. It combines both binary and web technique so that’s why it interested me to trace into. This is just a simple analysis, you can also check the bug report and the author neex’s exploit to know the original story :D Originally, this write-up should be published earlier, but I am now traveling and

Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年8月10日 04:53
Author: Meh Chang(@mehqq_) and Orange Tsai(@orange_8361) This is also the cross-post blog from DEVCORE Last month, we talked about Palo Alto Networks GlobalProtect RCE as an appetizer. Today, here comes the main dish! If you cannot go to Black Hat or DEFCON for our talk, or you are interested in more details, here is the slides for you! Infiltrating Corporate Intranet Like NSA: Pre-auth

Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年7月17日 20:27
Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_) P.S. This is a cross-post blog from DEVCORE SSL VPNs protect corporate assets from Internet exposure, but what if SSL VPNs themselves are vulnerable? They’re exposed to the Internet, trusted to reliably guard the only way to your intranet. Once the SSL VPN server is compromised, attackers can infiltrate your Intranet and even take

Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年2月19日 20:00
This is also a cross-post blog from DEVCORE, this post is in English, 而這裡是中文版本! #2019-02-22-updated #2019-05-10-updated #2019-05-10-released-exploit code awesome-jenkins-rce-2019 #2019-07-02-updated the slides is out! --- Hello everyone! This is the Hacking Jenkins series part two! For those people who still have not read the part one yet, you can check following link to get some basis and

Hacking Jenkins Part 1 - Play with Dynamic Routing

✇Orange
作者 noreply@blogger.com (Orange Tsai)
2019年1月16日 20:10
This is a cross-post blog from DEVCORE, this post is in English, 而這裡是中文版本! # Part two is out, please check this --- In software engineering, the Continuous Integration and Continuous Delivery is a best practice for developers to reduce routine works. In the CI/CD, the most well-known tool is Jenkins. Due to its ease of use, awesome Pipeline system and integration of Container, Jenkins is

❌
❌