Links To My Recent Articles and Talk

June 5, 2020April 14, 2021 Fly

Talk DEFCON 28 BlockChain Village: Exploit Insecure Crypto Wallet ================================================================ Articles After I join CertiK as a Security Engineer, my articles(write-ups, vulnerability analysis, etc) post under CertiK’s website and medium. Here is a list of them: Uranium Finance Exploit – Technical Analysis https://www.certik.org/blog/uranium-finance-exploit-technical-analysis ================================================================ Crypto Wallet Security Assessment Checklist https://certik-io.medium.com/crypto-wallet-security-assessment-checklist-a977e3e80b99 ================================================================ Blockchain explorer Denial-of-Service (DoS) […]

CSAW CTF(Web)

September 15, 2019November 9, 2020 Fly

Note: This write up doesn’t explain all steps, for free to email me at: peipei123gt@gmail.com if you not sure how I get X. ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ #BabyCSP: 1. Bad CSP rule: ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ 2. Submit a post with the payload and report […]

Exploit CVE-2017-16088

August 16, 2019December 8, 2020 Fly

CVE Detail(Link): The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Background: On Mar 3, 2017, Github user “odino” opened a security issue in the safeEval GitHub repository and provide a one-line […]

Apache Struts s2-057 POC and dynamic analysis

February 1, 2019November 9, 2020 Fly

The detail about Apache Struts S2-057 Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2018-11776 ‌‌ ‌‌ ‌‌ ‌‌ ‌‌ Ubuntu: 1. Setup the environment 1.1 System version: ubuntu 14.04. 1.2 Install apache tomcat: sudo apt-get install tomcat7 sudo apt-get install tomcat7-docs tomcat7-admin tomcat7-examples sudo apt-get install default-jdk 1.3 Download the vulnerable Apache struts from: https://archive.apache.org/dist/struts/2.3.34/ 1.4 Extra files from the Zip […]

Raymond James CTF

October 29, 2018November 9, 2020 Fly

I went to Tampa, Florida last weekend to participate Raymond James CTF. My team got 3rd place with $2500 award. The weather in Florida is so0O gO0od: 24 degrees C, meanwhile it’s like 3 degrees C in Baltimore. The team photo: My eyes were closed lol. The trophy: The coin from gam3z: The onsite-CTF was 70% […]

picoctf CTF 2018 Flaskcards serial

October 9, 2018November 9, 2020 Fly

picoCTF is a CTF hosted by CMU targeted at high school students, which is a great opportunity for beginner to improve their skill. I enjoy this CTF a lot.Not really a Team, just me. This is the Writeup for Flaskcards serial: “Flaskcards”, “Flaskcards Skeleton Key” and “Flaskcards and Freedom”. All three problems have the same interface: first […]

༼ つ ◕_◕ ༽つ

Category: Writeup