Links To My Recent Articles and Talks

Talks

DEFCON 28 BlockChain Village: Exploit Insecure Crypto Wallet
Security workshop with Binance Smart Chain: Understanding Security Risks in DeFi
Security risks in DeFi (guest speaker for the Blockchain Cyberdefense Design Challenge at Columbia University)
DEFCON 29 BlockChain Village: Evils in the DeFi world

Articles

After I […]


Note: This write-up doesn't explain all the steps; feel free to email me at: if you are not sure how I got X.

#BabyCSP:

1. Bad CSP rule:

2. Submit a post with the payload and report […]

Exploit CVE-2017-16088

CVE Detail (Link): The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Background: On Mar 3, 2017, GitHub user "odino" opened a security issue in the safeEval GitHub repository and provided a one-line […]

Apache Struts s2-057 POC and dynamic analysis

The details of the Apache Struts S2-057 vulnerability:

Ubuntu:

1. Set up the environment
1.1 System version: Ubuntu 14.04.
1.2 Install Apache Tomcat:
sudo apt-get install tomcat7
sudo apt-get install tomcat7-docs tomcat7-admin tomcat7-examples
sudo apt-get install default-jdk
1.3 Download the vulnerable Apache Struts from:
1.4 Extract files from the Zip […]

Raymond James CTF

I went to Tampa, Florida last weekend to participate in the Raymond James CTF. My team got 3rd place with a $2500 award. The weather in Florida is so0O gO0od: 24 degrees C, meanwhile it's like 3 degrees C in Baltimore. The team photo: My eyes were closed lol. The trophy: The coin from gam3z: The onsite CTF was 70% […]

picoctf CTF 2018 Flaskcards serial

picoCTF is a CTF hosted by CMU targeted at high school students, which is a great opportunity for beginners to improve their skills. I enjoyed this CTF a lot. Not really a team, just me. This is the write-up for the Flaskcards series: "Flaskcards", "Flaskcards Skeleton Key" and "Flaskcards and Freedom". All three problems have the same interface: first […]