Author: Orange Tsai(@orange_8361)
P.S. This is a cross-post blog from DEVCORE
The series of A New Attack Surface on MS Exchange:A New Attack Surface on MS Exchange Part 1 - ProxyLogon!A New Attack Surface on MS Exchange Part 2 - ProxyOracle!A New Attack Surface on MS Exchange Part 3 - ProxyShell!A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Author: Orange Tsai(@orange_8361) and Meh Chang(@mehqq_)
P.S. This is a cross-post blog from DEVCORE
Hi, this is the last part of Attacking SSL VPN series. If you haven’t read previous articles yet, here are the quick links for you:
Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs
Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as
In every year’s HITCON CTF, I will prepare at least one PHP exploit challenge which the source code is very straightforward, short and easy to review but hard to exploit! I have put all my challenges in this GitHub repo you can check, and here are some lists :P
2017 Baby^H Master PHP 2017 (0/1541 solved)
Phar protocol to deserialize malicious object
Hardcode anonymous function
Hi! This is the case study in my Black Hat USA 2018 and DEFCON 26 talk, you can also check slides here:
Breaking Parser Logic! Take Your Path Normalization Off and Pop 0days Out
In past two years, I started to pay more attention on the “inconsistency” bug. What's that? It’s just like my SSRF talk in Black Hat and GitHub SSRF to RCE case last year, finding inconsistency between the URL parser
gCalc is the web challenge in Google CTF 2018 quals and only 15 teams solved during 2 days’ competition!
This challenge is a very interesting challenge that give me lots of fun. I love the challenge that challenged your exploit skill instead of giving you lots of code to find a simple vulnerability or guessing without any hint. So that I want to write a writeup to note this :P
The challenge
Author: Orange Tsai(@orange_8361) from DEVCORE
Recently, I reviewed several Web frameworks and language implementations, and found some vulnerabilities.
This is an simple and interesting case, and seems easy to exploit in real world!
Affected
All PHP version
PHP 5 < 5.6.33
PHP 7.0 < 7.0.27
PHP 7.1 < 7.1.13
PHP 7.2 < 7.2.1
Vulnerability Details
The vulnerability is on the
Hi, it’s been a long time since my last blog post.
In the past few months, I spent lots of time preparing for the talk of Black Hat USA 2017 and DEF CON 25. Being a Black Hat and DEFCON speaker is part of my life goal ever. This is also my first English talk in such formal conferences. It's really a memorable experience :P
Thanks Review Boards for the acceptance.
This post is a simple
Before
GitHub Enterprise is the on-premises version of GitHub.com that you can deploy a whole GitHub service in your private network for businesses. You can get 45-days free trial and download the VM from enterprise.github.com.
After you deployed, you will see like bellow:
Now, I have all the GitHub environment in a VM. It's interesting, so I decided to look deeper into VM :P
把出過的 CTF Web 題都整理上 GitHub 惹,包括原始碼、解法、所用到技術、散落在外的 Write ups 等等
This is the repository of CTF Web challenges I made. It contains challs's source code, solution, write ups and some idea explanation.
Hope you will like it :)
https://github.com/orangetw/My-CTF-Web-Challenges
This is my talk about being a Bug Bounty Hunter at HITCON Community 2016
It shared some of my views on finding bugs and some case studies, such as
Facebook Remote Code Execution... more details
Uber Remote Code Execution... more details
developer.apple.com Remote Code Execution
abs.apple.com Remote Code Execution
b.login.yahoo.com Remote Code Execution... more details
eBay SQL Injection
