2023 CISCN 初赛 Web Writeup

X1r0z published on 2023-05-29 included in category Writeup

跟 defcon 时间冲了, 抽空随便打的 (

MinIO CVE-2023-28432 & 自更新 RCE 分析

X1r0z published on 2023-05-11 included in category Web安全

正好最近入坑了 Golang, 做个简单的审计练练手

X1r0z published on 2023-05-10 included in category Java安全

Apache Kafka Clients JNDI (CVE-2023-25194) 分析以及在 Apache Druid 环境下的利用

X1r0z published on 2023-05-07 included in category Java安全

Hessian CVE-2021-43297 分析以及 D3CTF 2023 ezjava 复现

X1r0z published on 2023-05-01 included in category Writeup

2023 D3CTF

X1r0z published on 2023-04-30 included in category Writeup

2023 红明谷杯

X1r0z published on 2023-04-13 included in category 云安全

之前西湖论剑线下遇到了一次 k8s, 因为当时完全没接触过所以吃了个亏 (

正好最近有点时间就借着 k8s 入坑了云原生安全, 顺带在 TryHackMe 上找了一些靶机练练手