Web Security Academy SQL injection Writeups
This is my Web Security Academy SQL injection lab writeups.
https://portswigger.net/web-security/sql-injection
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Description
This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following:
1SELECT * FROM products WHERE category = 'Gifts' AND released = 1
To solve the lab, perform a SQL injectio ...
CSAW CTF Qualification Round 2024 Writeups
CSAW CTF Qualification Round 2024 Writeups
This is the writeup for my competition. It includes the solutions to the problems I solved during the contest, as well as some problems I managed to solve after the event. It's meant to share some of my thought processes, the techniques I learned, and the skills I acquired through solving these problems.
Competition website link:
https://ctf.csaw.io/
Backup of competition problems:
https://github.com/osirislab/CSAW-CTF-2024-Quals
INTRO
Flag ( Ques ...
CVE-2024-6239
CVE-2024-6239
This is my first CVE!!! I am preparing to share the process of how I discovered, explored, and submitted this CVE.
The structure of this topic will be presented as a directory that reflects the entire process of vulnerability discovery and CVE application from start to finish. The process involves selecting a target project, narrowing down the scope, reviewing the source code (since the project I’m researching is open-source), conducting fuzzing tests on areas of interest, analyz ...
Detailed Guide to Getting Started with Windows ETW
Detailed Guide to Getting Started with Windows ETW
Disclaimer: The following content is based on information from the internet and some of my own notes, aimed at a more comprehensive study and recording of ETW-related knowledge.
Environment
Operating System: Windows 10 21H1
Introduction to ETW
History
ETW (Event Tracing for Windows) was first introduced in Windows 2000, after which the operating system core and services began using ETW to log events. After Windows Vista, ETW introduced a uni ...
Understanding Yara, Sigma, and Snort Rules in Cybersecurity
Understanding Yara, Sigma, and Snort Rules in Cybersecurity
In the field of cybersecurity, Yara , Sigma , and Snort are essential tools used for creating and implementing rules to detect and respond to security threats. Each tool serves a unique purpose and has its own strengths and weaknesses. This article provides an overview of these tools, including a practical examples of Yara rules and detailed installation and usage instructions for the Windows enviroment.
Overview
Tool
Primary U ...
OSINT Exercise 001 walkthrough
OSINT Exercise 001 walkthrough
I came to know about this interesting website because of an introduction by Ball45.
Challenge INFO
https://gralhix.com/list-of-osint-exercises/osint-exercise-001/
My Solution
Kiffa is located in Mauritania, and its location can be roughly pinpointed using Google Maps:
The map shows that it is not too far from the equator, so it should follow the general pattern of the sun rising in the east and setting in the west:
Using the pattern of the sun's rise and set a ...
basic mod 1
basic mod 1
https://play.picoctf.org/practice/challenge/253
The file ./message.txt contains a series of numbers. By taking each number mod 37 and then mapping them according to the rules ( 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. ) mentioned in the question, you can obtain the flag.
exploit
123456789101112131415161718192021import stringmes = ""with open("./message.txt") as fp: mes = fp.read().strip()print(mes)mes_arr = mes.sp ...
Portfolio
作品集
研究所時期
主題
連結網址
說明
程式安全 Computer Security 2023 FALL hw0
連結網址
CTF 、學習筆記
程式安全 Computer Security 2023 FALL tool
連結網址
CTF 、學習筆記
Randomized Algorithms
連結網址
學習筆記
大學時期
主題
連結網址
說明
pwnable tw writeup ( start )
連結網址
CTF PWN
Travel Vision 大數據視覺化
連結網址
國立中正大學資訊管理學系畢業專題
The Detection of Fake News
連結網址
國立中正大學資料探勘期末報告
Artificial Neural Network
連結網址
國立中正大學 AI 助教 slide
SHELL CTF 2022 writeup
連結網址
CTF writeup
Google CTF 2021
連結網址
CTF
2019 Trendmicro CTF Wildcard 400
連結網址
CTF 威脅分析 ...
About_Sharkkcode
關於我
常用 Nickname : Sharkkcode 、 sharkkcode 、 Shark|||
熱衷於程式設計、資訊安全、人工智慧以及教育。
我的基本資訊
資訊
連結或內容
Gmail
fuhanpan.zzz@gmail.com
Instagram
_river________
BLOG 文章整理、作品整理、導覽
連結
Github 個人頁面
連結
我的資安經歷
第八屆臺灣好厲駭
第七屆臺灣好厲駭
第六屆臺灣好厲駭
Hitcon 2022, 2023
AIS3 2022
SHELL CTF 2022
Google CTF 2021
NISRA 2021
此 Blog 所使用的圖片大多都來自 這裡 、自行攝影或經作者同意使用,如果有需要標明出處、作者等等資訊或者覺得有不當使用的地方等等,可以聯絡我討論,謝謝!
Randomized Algorithms
Randomized Algorithms
這邊是我對 Randomized Algorithms 的一些筆記與理解。
Lecture 01 : Events and Probability
Outline
Experiment ( 試驗 ) and Sample Space ( 樣本空間 )
Events ( 事件 ) and Probability ( 機率 )
Union Bound ( 布式不等式 )
Experiment
A process to produce an outcome.
Random Experiment
Experiment whose outcome is not known until the process is done.
Sample Space
The set of all outcomes of an experiment.
Events
A subset of the sample space.
Probability
A function Pr to measure the chance for each event to occu ...