Just a Blog by Sharkkcode ... 紀錄，也是一種享受生活的方式 XD

OSINT Exercise 011 解題紀錄 任務 https://gralhix.com/list-of-osint-exercises/osint-exercise-011/ 任務要求：找出圖中四位人物的名稱。 這題我找 剝殼雞蛋 跟我一起解，原先是想要比誰先解出來，但是因為太難所以決定合作🥺 我們的解題過程 首先先放個我們看完題目後的心理狀態： 單看圖片沒有什麼頭緒，先用圖片搜尋來看有沒有其他的線索。 找到 As Libyan parties delay naming unity government, UN urges steps to end political divisions 這篇文章，其中有一張圖片幾乎與原圖如出一轍，圖片下方有註釋：「 Signing of the Libyan Political Agreement in Skhirat, Morocco, 17 December 2015. 」 ，到這邊我們可以推斷出幾件事情： 知道照片拍攝於 2015/12/17 。 影片中的人們應該正在簽署 Liby ...

Use Ghidra to find the offset of SSL_write() in the chrome.dll file from Chrome version 129.0.6668.71 You need to first prepare Chrome version 129.0.6668.71 . SSL_write() is located in boringssl ( boringssl/ssl/ssl_lib.cc ) , a third-party library used by Chrome. Finding the location of SSL_write() in the source code first will help locate its offset in chrome.dll later. Search for the source code of boringssl/ssl/ssl_lib.cc Now, let's start looking for the source code of Chrome version 129.0.66 ...

This is my Web Security Academy SQL injection lab writeups. https://portswigger.net/web-security/sql-injection Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data Description This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: 1SELECT * FROM products WHERE category = 'Gifts' AND released = 1 To solve the lab, perform a SQL injectio ...

CSAW CTF Qualification Round 2024 Writeups This is the writeup for my competition. It includes the solutions to the problems I solved during the contest, as well as some problems I managed to solve after the event. It's meant to share some of my thought processes, the techniques I learned, and the skills I acquired through solving these problems. Competition website link: https://ctf.csaw.io/ Backup of competition problems: https://github.com/osirislab/CSAW-CTF-2024-Quals INTRO Flag ( Ques ...

CVE-2024-6239 This is my first CVE!!! I am preparing to share the process of how I discovered, explored, and submitted this CVE. The structure of this topic will be presented as a directory that reflects the entire process of vulnerability discovery and CVE application from start to finish. The process involves selecting a target project, narrowing down the scope, reviewing the source code (since the project I’m researching is open-source), conducting fuzzing tests on areas of interest, analyz ...

Detailed Guide to Getting Started with Windows ETW Disclaimer: The following content is based on information from the internet and some of my own notes, aimed at a more comprehensive study and recording of ETW-related knowledge. Environment Operating System: Windows 10 21H1 Introduction to ETW History ETW (Event Tracing for Windows) was first introduced in Windows 2000, after which the operating system core and services began using ETW to log events. After Windows Vista, ETW introduced a uni ...

Understanding Yara, Sigma, and Snort Rules in Cybersecurity In the field of cybersecurity, Yara , Sigma , and Snort are essential tools used for creating and implementing rules to detect and respond to security threats. Each tool serves a unique purpose and has its own strengths and weaknesses. This article provides an overview of these tools, including a practical examples of Yara rules and detailed installation and usage instructions for the Windows enviroment. Overview Tool Primary U ...

OSINT Exercise 001 walkthrough I came to know about this interesting website because of an introduction by Ball45. Challenge INFO https://gralhix.com/list-of-osint-exercises/osint-exercise-001/ My Solution Kiffa is located in Mauritania, and its location can be roughly pinpointed using Google Maps: The map shows that it is not too far from the equator, so it should follow the general pattern of the sun rising in the east and setting in the west: Using the pattern of the sun's rise and set a ...

basic mod 1 https://play.picoctf.org/practice/challenge/253 The file ./message.txt contains a series of numbers. By taking each number mod 37 and then mapping them according to the rules ( 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. ) mentioned in the question, you can obtain the flag. exploit 123456789101112131415161718192021import stringmes = ""with open("./message.txt") as fp: mes = fp.read().strip()print(mes)mes_arr = mes.sp ...

作品集 研究所時期 主題 連結網址 說明 程式安全 Computer Security 2023 FALL hw0 連結網址 CTF 、學習筆記 程式安全 Computer Security 2023 FALL tool 連結網址 CTF 、學習筆記 Randomized Algorithms 連結網址 學習筆記 大學時期 主題 連結網址 說明 pwnable tw writeup ( start ) 連結網址 CTF PWN Travel Vision 大數據視覺化 連結網址 國立中正大學資訊管理學系畢業專題 The Detection of Fake News 連結網址 國立中正大學資料探勘期末報告 Artificial Neural Network 連結網址 國立中正大學 AI 助教 slide SHELL CTF 2022 writeup 連結網址 CTF writeup Google CTF 2021 連結網址 CTF 2019 Trendmicro CTF Wildcard 400 連結網址 CTF 威脅分析 ...