Normal view

There are new articles available, click to refresh the page.
Before yesterdayOrange

Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!

17 August 2022 at 16:00
Hi, this is my fifth time speaking at Black Hat USA and DEFCON. You can get the slide copy and video there: Let’s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS (slides) Let’s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS (video - TBD) As the most fundamental Data Structure in Computer Science, Hash Table is extensively

A New Attack Surface on MS Exchange Part 4 - ProxyRelay!

19 October 2022 at 07:58
This is a cross-post blog from DEVCORE. You can check the series on: A New Attack Surface on MS Exchange Part 1 - ProxyLogon! A New Attack Surface on MS Exchange Part 2 - ProxyOracle! A New Attack Surface on MS Exchange Part 3 - ProxyShell! A New Attack Surface on MS Exchange Part 4 - ProxyRelay! Hi, this is a long-time-pending article. We could

從 2013 到 2023: Web Security 十年之進化與趨勢!

12 August 2023 at 08:00
TL;DR for Hackers & Researchers: this is a more conceptual talk for web developers. All are in Mandarin but you can check the slides here if interested.好久沒有打部落格了,紀錄一下這次我在 WebConf 2023 上的演講,大概就是把 Web Security 這十年的演化趨勢分類、並給出相對應的攻擊手法當案例,雖然沒配演講看投影片應該不知道在供三小,不過有興趣還是可以點這邊獲得投影片!由於聽眾皆為網站開發者 (涵蓋前端、後端甚至架構師),因此選用的攻擊手法力求簡單、可快速理解又有趣,不談到防禦手法也在因為短短 45 分鐘內絕對涵蓋不完,所以給自己訂下的小目標是: 只要有一項也好,如果開發者遇到同樣場景、腦中會跳出個

❌
❌