blog-comments's People
blog-comments's Issues
CVE-2021-44228 log4j2 RCE 分析 - 4xpl0r3r's blog
4xpl0r3r's blog
https://4xpl0r3r.com/Vuln-Analysis/Vulnerability%20Analysis%20-%20CVE-2021-44228%20Log4Shell/#more
Vulnerability Analysis - CVE-2021-44228 Log4Shell Using Java 1.8
C2 Payload Hiding and Memory Forensics - 4xpl0r3r's blog
https://4xpl0r3r.com/Red-Blue/C2-Payload-Hiding-and-Memory-Forensics/
There is a common method to execute a malicious payload in a download cradle to bypass the antivirus’ detection. Here I’m going to show you how to use volatility to perform memory forensics and extrac
JavaWeb 内存马技术归纳 - 4xpl0r3r's blog
本文以Tomcat 9为核心学习并归纳了一些内存马技术,除有特殊说明外的章节外,本文使用Java 8u292
CVE-2021-4034 Linux Polkit 权限提升漏洞分析 - 4xpl0r3r's blog
About Me - 4xpl0r3r's blog
Coming soon…
Clash TUN模式下的UDP服务异常诊断与解决 - 4xpl0r3r's blog
Clash开启TUN模式后,本地UDP端口无法与外部访问正常建立连接,如何诊断问题?如何解决问题?
Deal with the network issue of UDP services with Clash TUN mode enabled - 4xpl0r3r's blog
When the TUN mode is enable in Clash, local UDP service can’t build connection with clients on the Internet. How to diagnose it? How to fix it?
OSCE3 Review (OSCP+OSEP+OSWE+OSED) - 4xpl0r3r's blog
https://4xpl0r3r.com/Certifications/OSCE3-Review-OSCP-OSEP-OSWE-OSED/
In January 2022, I achieved the OSCE3. This passage includes the reviews of OSCP, OSEP, OSWE, and OSED.
DIPD-文档 - 4xpl0r3r's blog
https://cn.4xpl0r3r.com/%E6%96%87%E6%A1%A3/DIPD-%E6%96%87%E6%A1%A3/#more
4xpl0r3r/DIPD: Debug with IDA and Pwntools in Docker (DIPD) (github.com)
OSCE3之路 - OSWE | WEB300 - 4xpl0r3r's blog
https://cn.4xpl0r3r.com/%E8%AF%81%E4%B9%A6/OSCE3%E4%B9%8B%E8%B7%AF-OSWE-WEB300/
在2022年1月我拿到了OSCE3,OSWE是我在21年4月拿到的,本篇我们来介绍WEB300-OSWE,它是关于OffSec关于Exploit Development的第一个认证。
使用CodeQL发现Log4j CVE-2021-44228 - 4xpl0r3r's blog
虽然已经有了一个针对”Potential Log4J LDAP JNDI injection (CVE-2021-44228)”的实验性CWE-020 Query,但这次我想改写CWE-074,使其能够发现CVE-2021-44228。
在Tomcat环境下使用JNDI绕过trusted codebase限制的Exploit - 4xpl0r3r's blog
在CVE-2021-44228 log4j2 RCE 分析中,我们实现了在Java 8u181中通过JNDI加载恶意类实现RCE,本文我们实现一个在trusted codebase限制下实现RCE的Exploit
DIPD-Document - 4xpl0r3r's blog
https://4xpl0r3r.com/Docs/DIPD-Document/#more
4xpl0r3r/DIPD: Debug with IDA and Pwntools in Docker (DIPD) (github.com)
404 - 4xpl0r3r's blog
Click me to return to home page
Vulnerability Analysis - CVE-2021-44228 Log4Shell - 4xpl0r3r's blog
Vulnerability Analysis - CVE-2021-44228 Log4Shell - 4xpl0r3r's blog
Using CodeQL to find out Log4j CVE-2021-44228 - 4xpl0r3r's blog
https://4xpl0r3r.com/Experience/Using-CodeQL-to-find-out-Log4j-CVE-2021-44228/
Although there is a experimental CWE-020 query used for “Potential Log4J LDAP JNDI injection (CVE-2021-44228)” already, but at this time, I want to refit the CWE-074 to make it could find out CVE-202
OSCE3之路 - OSEP | PEN300 - 4xpl0r3r's blog
https://cn.4xpl0r3r.com/%E8%AF%81%E4%B9%A6/OSCE3%E4%B9%8B%E8%B7%AF-OSEP-PEN300/
在2022年1月我拿到了OSCE3,OSEP是我在21年8月拿到的,其和PEN200-OSCP均属于PEN系列,也就是渗透测试类。
OSCE3之路 - OSED | EXP301 - 4xpl0r3r's blog
https://cn.4xpl0r3r.com/%E8%AF%81%E4%B9%A6/OSCE3%E4%B9%8B%E8%B7%AF-OSED-EXP301/
OSED是我在在2022年1月拿到的,同时也是我OSCE3所需的最后一个证书,其名称为301,而不是300,这是因为EXP301-OSED专注于Windows环境下的二进制安全开发与利用。
Vulnerability-Analysis - CVE-2021-4034 Linux Polkit Privilege Escalation - 4xpl0r3r's blog
The major reference: Qualys’ Advisory
CVE-2021-44228 log4j2 RCE 分析 - 4xpl0r3r's blog
OSCE3之路 - OSCP | PEN200 - 4xpl0r3r's blog
https://cn.4xpl0r3r.com/%E8%AF%81%E4%B9%A6/OSCE3%E4%B9%8B%E8%B7%AF-OSCP-PEN200/
在2022年1月我拿到了**大陆第一个OSCE3,我在参与PEN200-OSCP时使用的是2020年更新的新版教材(含域内容),但考试依然是旧版(不含域内容),在2022年OSCP的考试形式已经更新为新版形式(含域内容)。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.